IETF-SSH archive


Re: SSH non-compliance with FIPS 186




On Tue, 15 Apr 2008, Peter Gutmann wrote:

> The real problem is the problematic use of 'dss_signature_blob', which
> (unlike all other public-key related formats) uses a fixed size for
> the fields, with no provision for specifying length information. Since
> it's unlikely that everyone will change their implementations to limit
> DSA keys to 1024 bits as is required for FIPS compliance when q = 160
> bits, I'd like to propose a correction to the spec with a new DSA sig
> format:
>
>   string    "ssh-dss-fips"    // Or whatever
>   mpint     r
>   mpint     s
> 
> to allow use with keys generated according to FIPS 186.  Comments?

Should this include the hash algorithm too? You could figure it out from
the lengths of r and s, but things could become ambiguous if a future DSA
spec lists new hashes with 160 or 256 bit digest lengths.

-d
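
Added example, not part of the original messages or of any SSH implementation: a Python rendering of the two encodings under discussion, the fixed 40-byte `dss_signature_blob` of RFC 4253 and the proposed `string`/`mpint`/`mpint` layout, using the placeholder name `ssh-dss-fips` from the quoted proposal. The function names and the r/s values are constructed for illustration.

```python
import struct

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint' for n >= 0: minimal big-endian, 0x00 prefix if the top bit is set."""
    if n < 0:
        raise ValueError("DSA r and s are non-negative")
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big") if n else b"")

def read_string(buf: bytes, off: int):
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field body")
    return buf[off + 4:end], end

def fixed_blob(r: int, s: int) -> bytes:
    """Existing ssh-dss blob: r || s, 20 bytes each, no length fields."""
    if max(r, s).bit_length() > 160:
        raise ValueError("r or s wider than 160 bits does not fit dss_signature_blob")
    return r.to_bytes(20, "big") + s.to_bytes(20, "big")

def proposed_sig(r: int, s: int) -> bytes:
    """Proposed layout from the quoted message: string name, mpint r, mpint s."""
    return ssh_string(b"ssh-dss-fips") + ssh_mpint(r) + ssh_mpint(s)

def parse_proposed(buf: bytes):
    """Return (r, s, r_len, s_len); the lengths are the mpint body sizes on the wire."""
    name, off = read_string(buf, 0)
    if name != b"ssh-dss-fips":
        raise ValueError("unexpected signature format name")
    fields = []
    for _ in range(2):
        body, off = read_string(buf, off)
        if body and body[0] & 0x80:
            raise ValueError("negative mpint")
        fields.append((int.from_bytes(body, "big"), len(body)))
    if off != len(buf):
        raise ValueError("trailing bytes after s")
    (r, r_len), (s, s_len) = fields
    return r, s, r_len, s_len

R160, S160 = (1 << 159) | 0x1234, 0x5678  # constructed values, q = 160 bits
R256, S256 = (1 << 255) | 0x1234, (1 << 200) | 0x5678  # constructed values, q = 256 bits
```

The byte lengths returned by `parse_proposed` depend on the values of r and s, because mpint drops leading zero bytes and adds a 0x00 when the top bit is set, so they give only an approximate indication of the size of q.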


