[Bug 1647] Implement FIPS 186-3 for DSA keys
djm at mindrot.org
Wed Sep 11 13:18:27 EST 2013
On Tue, 10 Sep 2013, Mark D. Baushke wrote:
> Other alternatives would mean writing another RFC to deal with a new
> public key algorithm name or set of names to handle the key sizes and
> hash algorithms you want to allow.
Or just abandoning DSA for ECDSA. It has the advantages of already being
implemented, being faster and offering a better security level (assuming
NIST/NSA haven't some exquisite backdoor in the curves).
More information about the openssh-unix-dev