https://bugzilla.mindrot.org/show_bug.cgi?id=1647
--- Comment #3 from Darren Tucker <[email protected]> --- (In reply to mackyle from comment #2) > RFC 6668 [1] (2012-07) updated RFC 4253 adding the SHA-256 data > integrity algorithm as a new recommended algorithm. > > FIPS 186-4 [2] (2013-07) section 4.2 includes the same DSA > parameters as FIPS 186-3: > > L = 1024, N = 160 > L = 2048, N = 224 > L = 2048, N = 256 > L = 3072, N = 256 > > And it would seem that the L=2048,N=256 L=3072,N=256 selections are > now possible while remaining standards compliant. RFC 6668 adds a new HMAC (ie integrity) algorithm (RFC 4253 section 6.4) not a public key (ie authentication) algorithm (RFC 4253 section 6.6). OpenSSH does in fact implement RFC 6668 (run ssh -vvv and look at the MACS offered) but it doesn't change the situation with DSA authentication. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
