[Bug 2115] Support for DSA p=2048 q=256/224 bit keys
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Mon Jun 3 18:51:25 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=2115
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
URL|openssh at openssh.com |
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Right, we don't support DSA keys with q!=160 because the SSH protocol
isn't specified for them. We also refuse to generate DSA keys with bit
lengths other than 1024 for this reason. Are you generating your keys
using openssl directly?
Changing this will require a protocol extension and the keys used will
be called something other than "ssh-dss". I'm not sure whether it is
worth it, since we support ECDSA modes that are faster and more secure.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list