On Thu, Sep 14, 2006 at 10:54:11AM +0000, edbch wrote:
> Tanks.
> The fact of the version that run in OpenBSDs to allow bigger keys would be
> one bug? How this would place at risk my system?


It's a bug but it's been fixed (in OpenBSD 3.9 and up). OpenSSH (both
OpenBSD's and -portable) used to allow DSA keys >1024 bits until several
people pointed out that a) it's not in line with the standard, and b) the
strength is limited by the use of SHA1 anyway.

Other than the fact that the larger DSA keys aren't as strong as larger
RSA keys and they have interoperability problems they do not represent
a risk to your system.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.