Inconsistency between legacy and release notes?
Pedro Melo
melo at simplicidade.org
Mon Nov 28 17:46:31 AEDT 2016
Hi
On 28/11/16 00:14, "dtucker at dtucker.net on behalf of Darren Tucker" <dtucker at dtucker.net on behalf of dtucker at zip.com.au> wrote:
> On Sat, Nov 26, 2016 at 1:16 AM, Alexander Wuerstlein <arw at cs.fau.de> wrote:
> [...]
> > Afaik it's because DSA key size has (for very weird reasons admittedly:
> > FIPS 186-4) been limited to 1024 bits which is considered weak nowadays.
> Use of DSA within the SSH protocol requires the use of SHA1, which is
> 160 bits (80 bits against a birthday attack) and is reaching its
> use-by date. This is probably why FIPS requires stronger hashes for
> DSA key sizes >1k, but those can't be used in SSH because it specifies
> only SHA1.
> There's some more info in https://bugzilla.mindrot.org/show_bug.cgi?id=1647
My initial email was not about why DSA was deprecated (although I do appreciate the reasons, thank you), but more about the fact that this deprecation is not mentioned in the OpenSSH release notes, so I would argue that DSA was not in fact deprecated…
I think mentioning it in the next release's release notes would be important to make it official.
Thank you,