Re: keys longer than 1024 bits
- From: "Thomas R. Jones" <thomas.jones@xxxxxxxxxxxxxxxx>
- Date: Thu, 14 Sep 2006 20:53:50 -0500
On Thursday 14 September 2006 05:54, edbch wrote:
<snip>
Tanks.
The fact of the version that run in OpenBSDs to allow bigger keys would be
one bug? How this would place at risk my system?
Eduardo
A bug ---- no. It is entirely possible to have DSA keys larger than 1024.
The statement was that "DSA keys must be exactly 1024 bits, according to the
standard". The key word here is "according". The reasoning behind this
requirement is due to the fact that the larger key size also increases the
available attack vectors for the hash algorithm[1].
Simply put --- larger key sizes --- more risk of compromise. Hence the ceiling
on the recommended DSA key size.
Thomas
[1]OpenBSD generally has better random number generation than most systems,
this is probably why it is authorized in this instance.
Attachment:
pgpCLsbNmOtbN.pgp
Description: PGP signature
- References:
- keys longer than 1024 bits
- From: edbch
- Re: keys longer than 1024 bits
- From: Ian Becker
- Re: keys longer than 1024 bits
- From: edbch
- keys longer than 1024 bits
- Prev by Date: Re: keys longer than 1024 bits
- Next by Date: Re: One account with multiple keys -- which one was used?
- Previous by thread: Re: keys longer than 1024 bits
- Index(es):
