[Bug 1119] Enhancement request for raising minimum acceptable key length.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Nov 28 22:15:32 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=1119





------- Comment #4 from dtucker at zip.com.au  2005-11-28 22:15 -------
(In reply to comment #3)
> Well the FIPS may specify 1024 bits for DSA but is there any reason besides the
> FIPS why larger DSA keys should not be used? Are they less secure (probably
> not).

They're not less secure, but they're apparently not (much?) more secure.  The
security is apparently limited by the 160 bit subgroup that's part of the
public key, and the use of SHA1 (again, 160 bits).

So there's no real security gain, and the larger keys can confuse other
implementations which do adhere strictly to the spec.  If you want big keys,
use RSA.
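
An added example, not part of the original comment or of OpenSSH's code: a Python check that reads the p and q sizes out of an `ssh-dss` public key line (RFC 4253 wire format), so an audit can flag DSA keys whose modulus is larger than 1024 bits while the subgroup stays at 160 bits. The function names and sample keys are constructed for illustration; the sample integers have the right sizes but are not valid DSA parameters.

```python
import base64
import struct

def _read_string(buf, off):
    """Read one SSH wire 'string': uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated field")
    return buf[off:off + n], off + n

def dsa_key_sizes(pubkey_line):
    """Return (p_bits, q_bits) for an 'ssh-dss <base64> [comment]' line, None for other types."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] != "ssh-dss":
        return None
    blob = base64.b64decode(fields[1], validate=True)
    name, off = _read_string(blob, 0)
    if name != b"ssh-dss":
        raise ValueError("key type inside blob does not match the line prefix")
    p, off = _read_string(blob, off)   # mpint p (modulus)
    q, off = _read_string(blob, off)   # mpint q (subgroup order)
    # A positive mpint may carry a leading 0x00; bit_length() ignores it.
    return int.from_bytes(p, "big").bit_length(), int.from_bytes(q, "big").bit_length()

def audit(pubkey_line):
    """One-line verdict for a public key line."""
    sizes = dsa_key_sizes(pubkey_line)
    if sizes is None:
        return "not a DSA key"
    p_bits, q_bits = sizes
    if p_bits != 1024:
        return f"DSA p={p_bits} q={q_bits}: larger modulus, subgroup still {q_bits} bits"
    return f"DSA p={p_bits} q={q_bits}: 1024-bit modulus"

def constructed_line(p_bits):
    """Constructed sample line: size-correct integers, NOT a valid DSA key."""
    def ssh_str(b):
        return struct.pack(">I", len(b)) + b
    def mpint(v):
        return ssh_str(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    p, q = (1 << (p_bits - 1)) | 1, (1 << 159) | 1
    blob = ssh_str(b"ssh-dss") + mpint(p) + mpint(q) + mpint(2) + mpint(3)
    return "ssh-dss " + base64.b64encode(blob).decode() + " constructed@example"
```

Run `audit()` over each line of an `authorized_keys` or host key `.pub` file to list the DSA keys that fall outside the 1024-bit size discussed in the thread.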



