Re: DSA keys larger than 1024 bits

To: ietf-ssh%denisbider.com@localhost, nisse%lysator.liu.se@localhost
Subject: Re: DSA keys larger than 1024 bits
From: pgut001%cs.auckland.ac.nz@localhost (Peter Gutmann)
Date: Wed, 02 Nov 2005 17:06:14 +1300

nisse%lysator.liu.se@localhost (=?iso-8859-1?q?Niels_M=F6ller?=) writes:

>I suspect that most ssh users that have generated a 4096 bit dsa key
>are unaware that the security is tied to the 160 bit subgroup, and
>that most would be better served by using a large rsa key instead. By
>supporting huge dsa keys, one confuses the users.

I know that at least some users are aware that they're not getting any
extra security, but are using 4Kbit keys anyway for warm fuzzies (hey,
don't look at me, they probably wear tinfoil hats too :-).  The real
fault though is with the software and/or the documentation, it shouldn't
let you generate illogical key sizes, or should warn against doing so.

Peter.

References:
- Re: DSA keys larger than 1024 bits
  - From: Niels Möller

Prev by Date: Re: DSA keys larger than 1024 bits
Next by Date: Re: Definition of "packet"
Previous by Thread: Re: DSA keys larger than 1024 bits
Next by Thread: NIST spec for hash-based key derivation.
Indexes:

Home | Main Index | Thread Index | Old Index