IETF-SSH archive


Re: DSA keys larger than 1024 bits



nisse%lysator.liu.se@localhost (Niels Möller) writes:

>I suspect that most ssh users that have generated a 4096 bit dsa key
>are unaware that the security is tied to the 160 bit subgroup, and
>that most would be better served by using a large rsa key instead. By
>supporting huge dsa keys, one confuses the users.

I know that at least some users are aware that they're not getting any
extra security, but are using 4Kbit keys anyway for warm fuzzies (hey,
don't look at me, they probably wear tinfoil hats too :-).  The real
fault though is with the software and/or the documentation, it shouldn't
let you generate illogical key sizes, or should warn against doing so.

Peter.
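
One way software could give the warning the reply above asks for, as an added example that is not part of the original message or of any SSH implementation: it reads the sizes of p and q from an `ssh-dss` public key line (SSH wire format: the string "ssh-dss", then the mpints p, q, g, y) and flags a modulus above 1024 bits paired with a 160-bit subgroup. All function names are hypothetical, the input is assumed to be a bare "type base64 comment" line, and the sample key is constructed to have the right sizes only; it is not a valid DSA key.

```python
import base64
import struct

def _pack(b):
    return struct.pack(">I", len(b)) + b  # SSH 'string': uint32 length + bytes

def _mpint(n):
    """Body of an SSH mpint for n > 0 (a leading 0x00 appears if the top bit is set)."""
    return n.to_bytes(n.bit_length() // 8 + 1, "big")

def _read_string(buf, off):
    """Read one SSH string at off; return (bytes, offset after it)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def dsa_sizes(pubkey_line):
    """Return (p_bits, q_bits) for an 'ssh-dss' public key line, None for other types."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] != "ssh-dss":
        return None
    blob = base64.b64decode(fields[1], validate=True)
    name, off = _read_string(blob, 0)
    if name != b"ssh-dss":
        raise ValueError("key type inside blob does not match the line")
    p, off = _read_string(blob, off)
    q, off = _read_string(blob, off)
    return int.from_bytes(p, "big").bit_length(), int.from_bytes(q, "big").bit_length()

def audit(pubkey_line, modulus_bits=1024, subgroup_bits=160):
    """Warn when the modulus is oversized relative to a 160-bit subgroup."""
    sizes = dsa_sizes(pubkey_line)
    if sizes is None:
        return None
    p_bits, q_bits = sizes
    if p_bits > modulus_bits and q_bits <= subgroup_bits:
        return f"warning: {p_bits}-bit p, but security is tied to the {q_bits}-bit subgroup"
    return f"ok: {p_bits}-bit p, {q_bits}-bit q"

def make_sample(p_bits, q_bits=160):
    """Constructed sample line: integers of the requested sizes, NOT a valid DSA key."""
    p, q = (1 << (p_bits - 1)) | 1, (1 << (q_bits - 1)) | 1
    blob = b"".join(_pack(x) for x in (b"ssh-dss", _mpint(p), _mpint(q), _mpint(2), _mpint(3)))
    return "ssh-dss " + base64.b64encode(blob).decode() + " constructed@example"

print(audit(make_sample(4096)))
```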


