[Bug 1647] Implement FIPS 186-3 for DSA keys

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Sep 10 18:28:41 EST 2013


https://bugzilla.mindrot.org/show_bug.cgi?id=1647

mackyle at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mackyle at gmail.com

--- Comment #2 from mackyle at gmail.com ---
RFC 6668 [1] (2012-07) updated RFC 4253 adding the SHA-256 data
integrity algorithm as a new recommended algorithm.

FIPS 186-4 [2] (2013-07) section 4.2 includes the same DSA parameters
as FIPS 186-3:

L = 1024, N = 160 
L = 2048, N = 224 
L = 2048, N = 256 
L = 3072, N = 256

And it would seem that the L=2048,N=256 L=3072,N=256 selections are now
possible while remaining standards compliant.

It appears that OpenSSH has added support for SHA-256 and SHA-512 in
version 5.9p1 (2011-09).

[1] http://tools.ietf.org/html/rfc6668
[2] http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list