On 08/31/2015 02:33 AM, Brian Bennett wrote:
>> On Aug 28, 2015, at 8:41 PM, Steve <[email protected]> wrote:
>>
>> In my mind, it ought to be disabled by default so that you have to
>> know you are lowering, *almost* to the point of entirely losing
>> your security, when you activate it.
>
> Not to get too far off topic, but is there actually any evidence to
> back up that statement? I've been searching for a number of years for
> someone who can speak intelligently on the topic. As I understand it,
> statements like this are parroted simply due to key sizes. While
> ssh-keygen can only create DSA keys of 1024 bits, openssl can
> generate arbitrarily large DSA keys that can be used with OpenSSH.
>
> Do you know of any specific weaknesses of DSA? If DSA is inherently
> weak, wouldn't that also render ECDSA similarly weak?
DSA fails horribly if you ever use a key on a system with a broken PRNG.
Since PRNGs are obviously a prime target for subversion, my gut feeling
would be not to touch DSA with a 10-foot pole.

http://www.debian.org/security/2008/dsa-1571
"Furthermore, all DSA keys ever used on affected Debian systems for
signing or authentication purposes should be considered compromised;"

Good general view:
https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html

Good read on how PRNGs are compromised:
https://www.schneier.com/paper-yarrow.pdf

Detail on DSA:
https://www.schneier.com/paper-prngs.pdf

Excerpts:

    The DSA PRNG
    Since this generator appears to come with an NSA stamp of approval, it
    has been used and proposed for applications quite different than those
    for which it was originally designed.

    Summary
    The DSA standard's PRNG appears to be quite secure when used in the
    application for which it was designed: DSA signature parameter
    generation. However, it doesn't perform well as a general-purpose
    cryptographic PRNG because it handles its inputs poorly, and because
    it recovers more slowly from state compromise than it should.

> Bonus points if you work for the NSA and have something to disclose.

Haha! No, can't say I do, or would for that matter. But you may have
2nd thoughts about using anything they approve of.

--
Steve

-------------------------------------------
smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now
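An added example, not code from the thread, showing the failure Steve describes with constructed toy DSA parameters (P, Q, G, the key x = 777 and the messages are made up): a signing host whose PRNG repeats the nonce k produces two signatures from which the private key falls out, which is why the Debian advisory treats every DSA key used on an affected host as compromised. The deterministic_k function is a simplified stand-in for RFC 6979-style deterministic nonces, not the RFC's exact construction.

```python
import hashlib
import hmac

# Toy DSA domain parameters (constructed for illustration only; real DSA uses a
# 2048/3072-bit p). q = 1019 and p = 2q + 1 = 2039 are prime and g = 4 has order q.
P, Q, G = 2039, 1019, 4

def h(msg: bytes) -> int:
    """Message digest reduced into Z_q, as DSA does with its truncated hash."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def sign(x: int, msg: bytes, k: int) -> tuple[int, int]:
    """Textbook DSA signing; the caller supplies the per-signature nonce k."""
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (h(msg) + x * r)) % Q
    if r == 0 or s == 0:            # DSA says: pick a new k and try again
        raise ValueError("degenerate signature, retry with a fresh k")
    return r, s

def verify(y: int, msg: bytes, sig: tuple[int, int]) -> bool:
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    v = (pow(G, h(msg) * w % Q, P) * pow(y, r * w % Q, P)) % P % Q
    return v == r

def deterministic_k(x: int, msg: bytes) -> int:
    """Nonce derived from private key and message, so the host PRNG cannot
    affect it. Simplified stand-in for RFC 6979, not its exact HMAC-DRBG."""
    mac = hmac.new(x.to_bytes(4, "big"), msg, hashlib.sha256).digest()
    return 1 + int.from_bytes(mac, "big") % (Q - 1)

def recover_x_from_reused_k(m1, sig1, m2, sig2) -> int:
    """Two signatures under one key with equal r share k, and then
    k = (h1 - h2) / (s1 - s2) and x = (s1*k - h1) / r  (all mod q)."""
    (r1, s1), (r2, s2) = sig1, sig2
    assert r1 == r2 and s1 != s2, "needs two signatures made with the same k"
    k = (h(m1) - h(m2)) * pow(s1 - s2, -1, Q) % Q
    return (s1 * k - h(m1)) * pow(r1, -1, Q) % Q

def demo():
    x, m1, m2 = 777, b"login from host A", b"login from host B"   # constructed
    y = pow(G, x, P)
    # Broken PRNG: hands the signer the same "random" nonce every time.
    sig1, sig2 = sign(x, m1, 123), sign(x, m2, 123)
    recovered = recover_x_from_reused_k(m1, sig1, m2, sig2)
    # Deterministic nonces: the PRNG is out of the loop, signatures still verify.
    d1, d2 = sign(x, m1, deterministic_k(x, m1)), sign(x, m2, deterministic_k(x, m2))
    return recovered, verify(y, m1, d1), verify(y, m2, d2)
```

A defender-side check that falls out of the same algebra: two valid signatures from one key with the same r value mean the nonce was reused, and that key should be rotated.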
