thomas.jones at securebuddha
Sep 14, 2006, 1:37 AM
Post #3 of 6
(16610 views)
Permalink

On Wednesday 13 September 2006 16:51, Ian Becker wrote: > On Wed, Sep 13, 2006 at 02:09:38PM +0000, edbch wrote: <snip> > > The sshkeygen manpage says: > > b bits > Specifies the number of bits in the key to create. For RSA > keys, the minimum size is 768 bits and the default is 2048 > bits. > Generally, 2048 bits is considered sufficient. DSA keys > must be > exactly 1024 bits as specified by FIPS 1862. > > DSA keys must be exactly 1024 bits, according to the standard. If you > want larger keys, you'll need to make RSA keys instead of DSA keys. > > > Ian All key generation parameters are dependent of the expected usage and effectiveness of the key pair. According to NIST documentation, the following scheme should be utilized for the RSA Algorithm: Expiration before 20101231, key sizes of 1024, 2048 or 3072 with the SHA1 hash algorithm, and the PKCS #1 v1.5 padding scheme or Expiration before 20101231, key sizes of 1024, 2048 or 3072 with the SHA256 hash algorithm, and the PSS padding scheme or Expiration after 20101231, key sizes of 2048 or 3072 with the SHA256 hash algorithm, and the PKCS #1 v1.5 or PSS padding scheme hth. Thomas
