Inconsistency between legacy and release notes?

Darren Tucker dtucker at
Mon Nov 28 11:14:00 AEDT 2016

On Sat, Nov 26, 2016 at 1:16 AM, Alexander Wuerstlein <arw at> wrote:
> Afaik its because DSA key size has (for very weird reasons admittedly:
> FIPS 186-4) been limited to 1024 bits which is considered weak nowadays.

Use of DSA within the SSH protocol requires the use of SHA1, which is
160 bits (80 bits against a birthday attack) and is reaching its
use-by date.  This is probably why FIPS requires stronger hashes for
DSA key sizes >1k, but those can't be used in SSH because it specifies
only SHA1.

There's some more info in

Darren Tucker (dtucker at
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list