Ian Becker wrote:
> On Wed, Sep 13, 2006 at 02:09:38PM +0000, edbch wrote:
>> Hello to all.
>> First, please pardon my bad English.
>> I am attempting to generate keys longer than 1024 bits, but I am not
>> succeeding. I noticed that on some machines this is possible and on others
>> not.
>> Is this a problem because of the operating system and some rule, or
>> because of the version of ssh? On the machines where I cannot generate these
>> keys I use Gentoo Linux and OpenSSH_4.3p2, OpenSSL 0.9.7j. Where I can, I
>> use OpenBSD and OpenSSH_4.1, OpenSSL 0.9.7d. The command that I used to
>> generate the keys is: ssh-keygen -t dsa -b 2048 and the error message
>> that I received is: DSA keys must be 1024 bits.
>> Can somebody explain to me why? Thanks in advance.
>> Eduardo

> The ssh-keygen manpage says:
>   -b bits
>     Specifies the number of bits in the key to create. For RSA
>     keys, the minimum size is 768 bits and the default is 2048
>     bits. Generally, 2048 bits is considered sufficient. DSA keys
>     must be exactly 1024 bits as specified by FIPS 186-2.
>
> DSA keys must be exactly 1024 bits, according to the standard. If you
> want larger keys, you'll need to make RSA keys instead of DSA keys.
> -Ian

Would the fact that the version that runs on OpenBSD allows bigger keys be a bug? How would this put my system at risk?