Mailing List Archive: OpenSSH: Users

keys longer than 1024 bits


edbch at yahoo

Sep 13, 2006, 7:09 AM

Post #1 of 6 (13615 views)
keys longer than 1024 bits

Hello to all.
First, please pardon my bad English.
I am attempting to generate keys longer than 1024 bits, but I am not succeeding. I noticed that on some machines this is possible and on others not.
Is it a problem because of the operating system and some rule, or because of the version of ssh? On the machines where I cannot generate these keys I use Gentoo Linux with OpenSSH_4.3p2 and OpenSSL 0.9.7j. On the one where I can, I use OpenBSD with OpenSSH_4.1 and OpenSSL 0.9.7d. The command I used to generate the keys is: ssh-keygen -t dsa -b 2048 and the error message I received is: DSA keys must be 1024 bits.
Can somebody explain to me why? Thanks in advance.

Eduardo


ibecker at post

Sep 13, 2006, 2:51 PM

Post #2 of 6 (13338 views)
Re: keys longer than 1024 bits [In reply to]

On Wed, Sep 13, 2006 at 02:09:38PM +0000, edbch wrote:
> Hello to all.
> First, please pardon my bad English.
> I am attempting to generate keys longer than 1024 bits, but I am not
> succeeding. I noticed that on some machines this is possible and on others
> not.
> Is it a problem because of the operating system and some rule, or
> because of the version of ssh? On the machines where I cannot generate these
> keys I use Gentoo Linux with OpenSSH_4.3p2 and OpenSSL 0.9.7j. On the one
> where I can, I use OpenBSD with OpenSSH_4.1 and OpenSSL 0.9.7d. The command
> I used to generate the keys is: ssh-keygen -t dsa -b 2048 and the error
> message I received is: DSA keys must be 1024 bits.
> Can somebody explain to me why? Thanks in advance.
>
> Eduardo

The ssh-keygen manpage says:

-b bits
Specifies the number of bits in the key to create. For RSA keys, the
minimum size is 768 bits and the default is 2048 bits. Generally, 2048
bits is considered sufficient. DSA keys must be exactly 1024 bits as
specified by FIPS 186-2.

DSA keys must be exactly 1024 bits, according to the standard. If you
want larger keys, you'll need to make RSA keys instead of DSA keys.


-Ian

--
Ian Becker
ibecker [at] post


thomas.jones at securebuddha

Sep 14, 2006, 1:37 AM

Post #3 of 6 (13350 views)
Re: keys longer than 1024 bits [In reply to]

On Wednesday 13 September 2006 16:51, Ian Becker wrote:
> On Wed, Sep 13, 2006 at 02:09:38PM +0000, edbch wrote:
<snip>
>
> The ssh-keygen manpage says:
>
> -b bits
> Specifies the number of bits in the key to create. For RSA keys, the
> minimum size is 768 bits and the default is 2048 bits. Generally, 2048
> bits is considered sufficient. DSA keys must be exactly 1024 bits as
> specified by FIPS 186-2.
>
> DSA keys must be exactly 1024 bits, according to the standard. If you
> want larger keys, you'll need to make RSA keys instead of DSA keys.
>
>
> -Ian
All key generation parameters are dependent on the expected usage and
effectiveness of the key pair. According to NIST documentation, the following
scheme should be utilized for the RSA algorithm:

Expiration before 2010-12-31, key sizes of 1024, 2048 or 3072 with the SHA1
hash algorithm, and the PKCS #1 v1.5 padding scheme

or

Expiration before 2010-12-31, key sizes of 1024, 2048 or 3072 with the SHA256
hash algorithm, and the PSS padding scheme

or

Expiration after 2010-12-31, key sizes of 2048 or 3072 with the SHA256 hash
algorithm, and the PKCS #1 v1.5 or PSS padding scheme

hth. Thomas


edbch at yahoo

Sep 14, 2006, 3:54 AM

Post #4 of 6 (13345 views)
Re: keys longer than 1024 bits [In reply to]

Ian Becker wrote:
> On Wed, Sep 13, 2006 at 02:09:38PM +0000, edbch wrote:
>> Hello to all.
>> First, please pardon my bad English.
>> I am attempting to generate keys longer than 1024 bits, but I am not
>> succeeding. I noticed that on some machines this is possible and on others
>> not.
>> Is it a problem because of the operating system and some rule, or
>> because of the version of ssh? On the machines where I cannot generate these
>> keys I use Gentoo Linux with OpenSSH_4.3p2 and OpenSSL 0.9.7j. On the one
>> where I can, I use OpenBSD with OpenSSH_4.1 and OpenSSL 0.9.7d. The command
>> I used to generate the keys is: ssh-keygen -t dsa -b 2048 and the error
>> message I received is: DSA keys must be 1024 bits.
>> Can somebody explain to me why? Thanks in advance.
>>
>> Eduardo
>
> The ssh-keygen manpage says:
>
> -b bits
> Specifies the number of bits in the key to create. For RSA keys, the
> minimum size is 768 bits and the default is 2048 bits. Generally, 2048
> bits is considered sufficient. DSA keys must be exactly 1024 bits as
> specified by FIPS 186-2.
>
> DSA keys must be exactly 1024 bits, according to the standard. If you
> want larger keys, you'll need to make RSA keys instead of DSA keys.
>
>
> -Ian
>

Thanks.
Is the fact that the version running on OpenBSD allows bigger keys a bug? How would this put my system at risk?

Eduardo


dtucker at zip

Sep 14, 2006, 3:20 PM

Post #5 of 6 (13336 views)
Re: keys longer than 1024 bits [In reply to]

On Thu, Sep 14, 2006 at 10:54:11AM +0000, edbch wrote:
> Thanks.
> Is the fact that the version running on OpenBSD allows bigger keys a bug?
> How would this put my system at risk?

It's a bug but it's been fixed (in OpenBSD 3.9 and up). OpenSSH (both
OpenBSD's and -portable) used to allow DSA keys >1024 bits until several
people pointed out that a) it's not in line with the standard, and b) the
strength is limited by the use of SHA1 anyway.

Other than the fact that the larger DSA keys aren't as strong as larger
RSA keys and they have interoperability problems they do not represent
a risk to your system.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
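Taking Ian's point (the DSA bit count is fixed at 1024 by FIPS 186-2) together with Darren's (its strength is bounded by SHA-1 anyway), here is an added example, not code from the thread or from OpenSSH, that decodes OpenSSH public key lines to show where the reported bit count comes from and applies the resulting policy: it reads the RFC 4251 string/mpint fields of the key blob, reports the size of the RSA modulus n or the DSA prime p, and flags DSA keys and short RSA keys. The sample keys are constructed placeholders with the right bit lengths, not real key material, and the 2048-bit RSA minimum is an assumed policy threshold.

```python
import base64
import struct
# RFC 4251 "string" and "mpint" encodings used inside OpenSSH public key blobs.
def _put_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def _put_mpint(n: int) -> bytes:
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:  # positive value with top bit set gets a leading 0x00
        raw = b"\x00" + raw
    return _put_string(raw)

def _read_string(blob: bytes, off: int):
    (length,) = struct.unpack_from(">I", blob, off)
    return blob[off + 4:off + 4 + length], off + 4 + length

def build_pubkey_line(key_type: str, ints, comment: str) -> str:
    """Assemble an authorized_keys-style line from the key's integer fields."""
    blob = _put_string(key_type.encode()) + b"".join(_put_mpint(i) for i in ints)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

def key_bits(line: str):
    """Return (type, bits); bits is the size of RSA n or DSA p, the number -b refers to."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    wire_type, off = _read_string(blob, 0)
    if wire_type.decode() != key_type:
        raise ValueError("type prefix does not match key blob")
    fields = []
    while off < len(blob):
        raw, off = _read_string(blob, off)
        fields.append(int.from_bytes(raw, "big"))
    if key_type == "ssh-rsa":  # fields are e, n
        return key_type, fields[1].bit_length()
    if key_type == "ssh-dss":  # fields are p, q, g, y
        return key_type, fields[0].bit_length()
    return key_type, None

def check_key(line: str, min_rsa_bits: int = 2048) -> str:
    """Thread's conclusion as policy: reject DSA (fixed 1024, SHA-1); require large RSA."""
    key_type, bits = key_bits(line)
    if key_type == "ssh-dss":
        return f"REJECT {key_type} {bits}-bit: DSA is fixed at 1024 bits and tied to SHA-1"
    if key_type == "ssh-rsa" and bits < min_rsa_bits:
        return f"REJECT {key_type} {bits}-bit: below the {min_rsa_bits}-bit minimum"
    return f"OK {key_type} {bits}-bit"
# Constructed samples: placeholder integers of the right size, not real key material.
SAMPLE_RSA_2048 = build_pubkey_line("ssh-rsa", [65537, (1 << 2047) | 1], "constructed")
SAMPLE_RSA_1024 = build_pubkey_line("ssh-rsa", [65537, (1 << 1023) | 1], "constructed")
SAMPLE_DSA_1024 = build_pubkey_line("ssh-dss", [(1 << 1023) | 1, (1 << 159) | 1, 2, 3], "constructed")
```

Running `check_key` over the lines of a real authorized_keys file gives the same verdicts for genuine keys, since only the field sizes are inspected.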


thomas.jones at securebuddha

Sep 14, 2006, 6:53 PM

Post #6 of 6 (13362 views)
Re: keys longer than 1024 bits [In reply to]

On Thursday 14 September 2006 05:54, edbch wrote:
<snip>
>
> Thanks.
> Is the fact that the version running on OpenBSD allows bigger keys a bug?
> How would this put my system at risk?
>
> Eduardo

A bug ---- no. It is entirely possible to have DSA keys larger than 1024.

The statement was that "DSA keys must be exactly 1024 bits, according to the
standard". The key word here is "according". The reasoning behind this
requirement is due to the fact that the larger key size also increases the
available attack vectors for the hash algorithm[1].

Simply put --- larger key sizes --- more risk of compromise. Hence the ceiling
on the recommended DSA key size.

Thomas

[1] OpenBSD generally has better random number generation than most systems;
this is probably why it is authorized in this instance.
