On Wednesday 13 September 2006 16:51, Ian Becker wrote: > On Wed, Sep 13, 2006 at 02:09:38PM +0000, edbch wrote: <snip> > > The ssh-keygen manpage says: > > -b bits > Specifies the number of bits in the key to create. For RSA > keys, the minimum size is 768 bits and the default is 2048 > bits. > Generally, 2048 bits is considered sufficient. DSA keys > must be > exactly 1024 bits as specified by FIPS 186-2. > > DSA keys must be exactly 1024 bits, according to the standard. If you > want larger keys, you'll need to make RSA keys instead of DSA keys. > > > -Ian All key generation parameters are dependent of the expected usage and effectiveness of the key pair. According to NIST documentation, the following scheme should be utilized for the RSA Algorithm:
Expiration before 2010-12-31, key sizes of 1024, 2048 or 3072 with the SHA1 hash algorithm, and the PKCS #1 v1.5 padding scheme or Expiration before 2010-12-31, key sizes of 1024, 2048 or 3072 with the SHA256 hash algorithm, and the PSS padding scheme or Expiration after 2010-12-31, key sizes of 2048 or 3072 with the SHA256 hash algorithm, and the PKCS #1 v1.5 or PSS padding scheme hth. Thomas
pgpUGiC3a5IK4.pgp
Description: PGP signature
