On Tue, Feb 27, 2007 at 08:19:28AM +0100, Lapo Luchini wrote:
> Given the fact that there is an official standard proposal for it and
> the assumption that q=256 shouldn't certainly be LESS SECURE than q=160,
> I hope and guess "convincing" SSH-Agent people support it shouldn't be
> too hard, isn't it?

I looked at this a bit last night. ssh-keygen itself needs only a small
patch that lets you choose a different bitsize for DSA keys. And then you
will have to wait for OpenSSL 0.9.9 to come out; 0.9.8 doesn't support DSA
keys that aren't 1024 bits exactly, but the latest snapshot does have
support for larger param sets.

A gotcha on this is that the SSH protocol uses specifically FIPS 186-2 DSA
(i.e. 1024/160 bit param sets) with SHA-1. So the OpenSSH folks may not be
too interested in supporting larger/non-conforming DSA keys.

-Jack

_______________________________________________
Monotone-devel mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/monotone-devel
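
Added example, not code from this thread or from OpenSSH: one way to check whether an ssh-dss public key blob uses the 1024/160-bit parameter sizes discussed above. The wire layout is the one in RFC 4253 section 6.6; the function names are hypothetical and the sample blobs are constructed with the right sizes only, they are not valid DSA parameters.

```python
import struct

def _read_string(buf, off):
    """Read one SSH 'string': uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated field body")
    return buf[off:off + n], off + n

def dsa_param_sizes(blob):
    """Return (p_bits, q_bits) for an ssh-dss public key blob."""
    name, off = _read_string(blob, 0)
    if name != b"ssh-dss":
        raise ValueError("not an ssh-dss key")
    bits = []
    for _ in range(4):  # mpints in wire order: p, q, g, y
        raw, off = _read_string(blob, off)
        if raw and raw[0] & 0x80:
            raise ValueError("negative mpint in key")
        bits.append(int.from_bytes(raw, "big").bit_length())
    if off != len(blob):
        raise ValueError("trailing bytes after key")
    return bits[0], bits[1]

def is_1024_160(blob):
    """True only for the 1024/160-bit parameter set the email refers to."""
    return dsa_param_sizes(blob) == (1024, 160)

def _mpint(n):
    # Positive mpint: minimal big-endian bytes, with a leading zero byte
    # when the top bit would otherwise be set.
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def make_sample_blob(p_bits, q_bits):
    """Constructed test input: right sizes only, NOT valid DSA parameters."""
    p = (1 << (p_bits - 1)) | 1
    q = (1 << (q_bits - 1)) | 1
    name = b"ssh-dss"
    return (struct.pack(">I", len(name)) + name
            + _mpint(p) + _mpint(q) + _mpint(2) + _mpint(3))

if __name__ == "__main__":
    for sizes in ((1024, 160), (2048, 256)):
        blob = make_sample_blob(*sizes)
        print(sizes, dsa_param_sizes(blob), "conforming:", is_1024_160(blob))
```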
