On Wednesday 13 September 2006 16:51, Ian Becker wrote:
> On Wed, Sep 13, 2006 at 02:09:38PM +0000, edbch wrote:


>
> The ssh-keygen manpage says:
>
> -b bits
>     Specifies the number of bits in the key to create. For RSA
>     keys, the minimum size is 768 bits and the default is 2048
>     bits. Generally, 2048 bits is considered sufficient. DSA keys
>     must be exactly 1024 bits as specified by FIPS 186-2.
>
> DSA keys must be exactly 1024 bits, according to the standard. If you
> want larger keys, you'll need to make RSA keys instead of DSA keys.
>
>
> -Ian

All key generation parameters are dependent on the expected usage and
effectiveness of the key pair. According to NIST documentation, the following
scheme should be utilized for the RSA Algorithm:

Expiration before 2010-12-31, key sizes of 1024, 2048 or 3072 with the SHA1
hash algorithm, and the PKCS #1 v1.5 padding scheme

or

Expiration before 2010-12-31, key sizes of 1024, 2048 or 3072 with the SHA256
hash algorithm, and the PSS padding scheme

or

Expiration after 2010-12-31, key sizes of 2048 or 3072 with the SHA256 hash
algorithm, and the PKCS #1 v1.5 or PSS padding scheme

hth. Thomas
