This is a discussion on Re: keys longer than 1024 bits - openssh
On Thursday 14 September 2006 05:54, edbch wrote:
>
> Thanks.
> Would the fact that the version that runs on OpenBSD allows bigger keys be
> a bug? How would this put my system at risk?
>
> Eduardo
A bug ---- no. It is entirely possible to have DSA keys larger than 1024.
The statement was that "DSA keys must be exactly 1024 bits, according to the
standard". The key word here is "according". The reasoning behind this
requirement is due to the fact that the larger key size also increases the
available attack vectors for the hash algorithm[1].
Simply put --- larger key sizes --- more risk of compromise. Hence the ceiling
on the recommended DSA key size.
Thomas
[1] OpenBSD generally has better random number generation than most systems,
this is probably why it is authorized in this instance.