Re: [Monotone-devel] Re: Policy branches - first steps


From: Jack Lloyd
Subject: Re: [Monotone-devel] Re: Policy branches - first steps
Date: Tue, 27 Feb 2007 08:52:08 -0500
User-agent: Mutt/1.5.11

On Tue, Feb 27, 2007 at 08:19:28AM +0100, Lapo Luchini wrote:

> Given the fact that there is an official standard proposal for it and
> the assumption that q=256 shouldn't certainly be LESS SECURE than q=160,
> I hope and guess "convincing" SSH-Agent people support it shouldn't be
> too hard, isn't it?

I looked at this a bit last night. ssh-keygen itself needs only a
small patch that lets you choose a different bitsize for DSA keys. And
then you will have to wait for OpenSSL 0.9.9 to come out; 0.9.8
doesn't support DSA keys that aren't 1024 bits exactly, but the latest
snapshot does have support for larger param sets.

A gotcha on this is that the SSH protocol uses specifically FIPS 186-2
DSA (i.e. 1024/160-bit param sets) with SHA-1. So the OpenSSH folks may
not be too interested in supporting larger/non-conforming DSA keys.

-Jack
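
An added example, not part of the message above and not monotone or OpenSSH code: a check that reads an `ssh-dss` public key line and reports the bit lengths of p and q, so keys outside the 1024/160 parameter set mentioned in the message can be spotted in an `authorized_keys` audit. The function names and the sample keys are constructed for illustration (the 2048/256 sizes are an assumed example of a larger set); the sample integers only have the right bit lengths and are not valid DSA keys.

```python
import base64
import struct

def _string(data):
    """SSH 'string': uint32 length followed by the bytes (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def _mpint(n):
    """SSH 'mpint' for n > 0; the extra byte keeps the sign bit clear."""
    return _string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def _read_string(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def dsa_param_sizes(pubkey_line):
    """Return (L, N), the bit lengths of p and q in an ssh-dss key line."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] != "ssh-dss":
        raise ValueError("not an ssh-dss public key line")
    blob = base64.b64decode(fields[1], validate=True)
    name, off = _read_string(blob, 0)
    if name != b"ssh-dss":
        raise ValueError("key type inside blob does not match")
    sizes = []
    for _ in range(4):  # p, q, g, y in that order (RFC 4253, section 6.6)
        raw, off = _read_string(blob, off)
        sizes.append(int.from_bytes(raw, "big").bit_length())
    if off != len(blob):
        raise ValueError("trailing data in key blob")
    return sizes[0], sizes[1]

def is_1024_160(pubkey_line):
    """True only for the 1024/160 parameter set the message refers to."""
    return dsa_param_sizes(pubkey_line) == (1024, 160)

def constructed_line(l_bits, n_bits):
    """Constructed sample: right bit lengths, NOT a valid or usable key."""
    p, q = (1 << (l_bits - 1)) | 1, (1 << (n_bits - 1)) | 1
    blob = _string(b"ssh-dss") + _mpint(p) + _mpint(q) + _mpint(2) + _mpint(3)
    return "ssh-dss " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    for line in (constructed_line(1024, 160), constructed_line(2048, 256)):
        print(dsa_param_sizes(line), "1024/160:", is_1024_160(line))
```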




