Subject: Re: OpenSSH key size
To: Greg Troxel <>
From: Steven M. Bellovin <>
List: tech-security
Date: 09/15/2005 10:17:00

In message <>, Greg Troxel writes:
>  I was under the impression that DSA keys were only 1k long, by design. 
>One can do dsa-like schemes, but DSA itself is fixed at 1K.  OpenSSH
>may have extended it - that's a very good question.

The odds are very high that NIST will be revising DSA soon.  DSA is 
tied to SHA-1, which is threatened.  I'll be at the NIST hash function 
workshop at the end of October; I may know more after that.

>  This of course makes them rather useless as time goes by.
>Yes, with enough time, but DSA is based on discrete log, not
>factoring, so attacks against RSA don't necessarily apply.

The two are mathematically linked...

		--Steven M. Bellovin,