FIPS186-3 and NIST SP800-57 support
dtucker at zip.com.au
Tue Feb 16 18:29:46 EST 2010
Gerardo Petti wrote:
> I saw from OpenSSH man pages that the DSA key length must be 1024 bytes
> (according to the standard FIPS 186-2).
> According to the FIPS186-3 and NIST SP800-57, DSA key length could be
> greater than 1024 bytes (2048, 3072).
FIPS 186-3 also specifies hashes other than SHA-1 for key lengths >1024.
> Will OpenSSH be compliant with this new standard?
As far as DSA key length goes I think it's already compliant with FIPS
186-3 as far as is possible within the SSH protocol spec. See
https://bugzilla.mindrot.org/show_bug.cgi?id=1647 for details.
If you want keys stronger than 1024 bits then use RSA.
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev