On Thursday 14 September 2006 05:54, edbch wrote: <snip> > > Tanks. > The fact of the version that run in OpenBSDs to allow bigger keys would be > one bug? How this would place at risk my system? > > Eduardo
A bug ---- no. It is entirely possible to have DSA keys larger than 1024. The statement was that "DSA keys must be exactly 1024 bits, according to the standard". The key word here is "according". The reasoning behind this requirement is due to the fact that the larger key size also increases the available attack vectors for the hash algorithm[1]. Simply put --- larger key sizes --- more risk of compromise. Hence the ceiling on the recommended DSA key size. Thomas [1]OpenBSD generally has better random number generation than most systems, this is probably why it is authorized in this instance.
pgpRE8VepQxDd.pgp
Description: PGP signature
