Inconsistency between legacy and release notes?

Pedro Melo melo at
Mon Nov 28 17:46:31 AEDT 2016


On 28/11/16 00:14, "dtucker at on behalf of Darren Tucker" <dtucker at on behalf of dtucker at> wrote:

    On Sat, Nov 26, 2016 at 1:16 AM, Alexander Wuerstlein <arw at> wrote:
    > Afaik its because DSA key size has (for very weird reasons admittedly:
    > FIPS 186-4) been limited to 1024 bits which is considered weak nowadays.
    Use of DSA within the SSH protocol requires the use of SHA1, which is
    160 bits (80 bits against a birthday attack) and is reaching its
    use-by date.  This is probably why FIPS requires stronger hashes for
    DSA key sizes >1k, but those can't be used in SSH because it specifies
    only SHA1.
    There's some more info in

My initial email was not about why DSA was deprecated (although I do appreciate the reasons, thank you), but more about the fact that this deprecation is not mentioned on the OpenSSH release notes, so I would argue that DSA was not in fact deprecated…

I think mentioning on the next release release notes would be important to make it official.

Thank you,

More information about the openssh-unix-dev mailing list