Hi
On 28/11/16 00:14, "dtucker@xxxxxxxxxxx on behalf of Darren Tucker" <dtucker@xxxxxxxxxxx on behalf of dtucker@xxxxxxxxxx> wrote:
On Sat, Nov 26, 2016 at 1:16 AM, Alexander Wuerstlein <arw@xxxxxxxxx> wrote:
[...]
> Afaik its because DSA key size has (for very weird reasons admittedly:
> FIPS 186-4) been limited to 1024 bits which is considered weak nowadays.
Use of DSA within the SSH protocol requires the use of SHA1, which is
160 bits (80 bits against a birthday attack) and is reaching its
use-by date. This is probably why FIPS requires stronger hashes for
DSA key sizes >1k, but those can't be used in SSH because it specifies
only SHA1.
There's some more info in https://bugzilla.mindrot.org/show_bug.cgi?id=1647
My initial email was not about why DSA was deprecated (although I do appreciate the reasons, thank you), but more about the fact that this deprecation is not mentioned on the OpenSSH release notes, so I would argue that DSA was not in fact deprecated…
I think mentioning on the next release release notes would be important to make it official.
Thank you,
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
