Subject: Re: OpenSSH key size
To: Greg Troxel <email@example.com>
From: Steven M. Bellovin <firstname.lastname@example.org>
Date: 09/15/2005 10:17:00
In message <email@example.com>, Greg Troxel writes:
> I was under the impression that DSA keys were only 1k long, by design.
>One can do dsa-like schemes, but DSA itself is fixed at 1K. OpenSSH
>may have extended it - that's a very good question.
The odds are very high that NIST will be revising DSA soon. DSA is
tied to SHA-1, which is threatened. I'll be at the NIST hash function
workshop at the end of October; I may know more after that.
> This of course makes them rather useless as time goes by.
>Yes, with enough time, but DSA is based on discrete log, not
>factoring, so attacks against RSA don't necessarily apply.
The two are mathematically linked...
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb