IETF-SSH archive
Re: SSH non-compliance with FIPS 186
pgut001%cs.auckland.ac.nz@localhost (Peter Gutmann) writes:
>>Should this include the hash algorithm too? You could figure it out from the
>>lengths of r and s, but things could become ambiguous if a future DSA spec
>>lists new hashes with 160 or 256 bit digest lengths.
Agree, I was just about to suggest that.
And if r and s are coded as mpint, rather than fixed size strings,
then you can't infer the hash size from the sizes of r and s in a 100%
reliable manner, only with a very high probability...
> At the moment there's only SHA-1 and SHA-256 specified, so I'd
> suggest:
>
> "ssh-dsa" // Implies the traditional "with SHA-1"
I'm not sure it makes much sense to introduce this alternative to the
old "ssh-dss" now, even if we all agree the old way is ugly. And if
you really want to introduce it, why not use "ssh-dsa-sha1", to be
explicit?
> "ssh-dsa-sha256" // Self-explanatory
This makes a lot of sense, and seems like a useful addition.
And about the details of the naming (one of the great unsolved
problems in CS ;-), the "ssh-"-prefix seems somewhat redundant, but
maybe it's good for consistency.
/Niels
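
The mpint point in the message above, as an added example that is not part of the original message: an RFC 4251 mpint drops leading zero bytes and adds a 0x00 sign byte when the top bit is set, so the encoded length of r or s does not pin down the size of q. The helper `guess_q_bits` and all sample integers are constructed for illustration.

```python
import struct

def mpint(n: int) -> bytes:
    """Encode a non-negative integer as an RFC 4251 mpint."""
    if n < 0:
        raise ValueError("DSA r and s are never negative")
    # Minimal two's-complement body: bit_length()//8 + 1 bytes leaves room for
    # the 0x00 sign byte exactly when the top magnitude bit is set; zero is empty.
    body = n.to_bytes(n.bit_length() // 8 + 1, "big") if n else b""
    return struct.pack(">I", len(body)) + body

def parse_mpint(buf: bytes, off: int = 0):
    """Decode one mpint at buf[off:], returning (value, next_offset)."""
    (length,) = struct.unpack_from(">I", buf, off)
    body = buf[off + 4 : off + 4 + length]
    if len(body) != length:
        raise ValueError("truncated mpint")
    if body and body[0] & 0x80:
        raise ValueError("negative mpint")
    return int.from_bytes(body, "big"), off + 4 + length

def guess_q_bits(sig: bytes) -> int:
    """Heuristic (hypothetical helper): guess 160- vs 256-bit q from r || s."""
    r, off = parse_mpint(sig)
    s, _ = parse_mpint(sig, off)
    return 160 if max(r.bit_length(), s.bit_length()) <= 160 else 256

# Constructed integers standing in for r and s; these are not real signatures.
R160_TOPBIT = (1 << 159) | 0x1234   # 160-bit value, top bit set
R160_SHORT = 0x5A << 144            # valid mod a 160-bit q, but only 151 bits
R256_TYPICAL = (1 << 255) | 0x5678  # 256-bit value, top bit set
R256_SMALL = (1 << 158) | 1         # valid mod a 256-bit q, but below 2**160

def body_len(n: int) -> int:
    """Length of the mpint body, without the 4-byte length prefix."""
    return len(mpint(n)) - 4

if __name__ == "__main__":
    for name in ("R160_TOPBIT", "R160_SHORT", "R256_TYPICAL", "R256_SMALL"):
        print(f"{name:13} mpint body = {body_len(globals()[name])} bytes")
    sig = mpint(R256_SMALL) + mpint(R256_SMALL)
    print("guess for small 256-bit-q signature:", guess_q_bits(sig))
```

The last case is the one the message warns about: a signature made with a 256-bit q whose r and s both happen to be small is indistinguishable by length from a 160-bit one, which an explicit algorithm name such as "ssh-dsa-sha256" avoids.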