Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: keys longer than 1024 bits

from [Thomas R. Jones] Network Security [Permanent Link]
Subject: Re: keys longer than 1024 bits
Date: Thu, 14 Sep 2006 03:37:14 -0500 
On Wednesday 13 September 2006 16:51, Ian Becker wrote:

On Wed, Sep 13, 2006 at 02:09:38PM +0000, edbch wrote:

<snip>


The ssh-keygen manpage says:

     -b bits
             Specifies the number of bits in the key to create.  For RSA
             keys, the minimum size is 768 bits and the default is 2048
bits.
             Generally, 2048 bits is considered sufficient.  DSA keys
must be
             exactly 1024 bits as specified by FIPS 186-2.

DSA keys must be exactly 1024 bits, according to the standard.  If you
want larger keys, you'll need to make RSA keys instead of DSA keys.


-Ian

All key generation parameters are dependent of the expected usage and 
effectiveness of the key pair. According to NIST documentation, the following 
scheme should be utilized for the RSA Algorithm:

Expiration before 2010-12-31, key sizes of 1024, 2048 or 3072 with the SHA1 
hash algorithm, and the PKCS #1 v1.5 padding scheme

or

Expiration before 2010-12-31, key sizes of 1024, 2048 or 3072 with the SHA256 
hash algorithm, and the PSS padding scheme

or

Expiration after 2010-12-31, key sizes of 2048 or 3072 with the SHA256 hash 
algorithm, and the PKCS #1 v1.5 or PSS padding scheme

hth. Thomas

Attachment: pgpdCh5hdusy3.pgp
Description: PGP signature

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Ip Phones, Benjamin Donnachie
Next by Date:  Re: why does mget hang with SFTP, Greg Wooledge
Previous by Thread:  Re: keys longer than 1024 bits, Ian Becker
Next by Thread:  Re: keys longer than 1024 bits, edbch
Indexes:  [Date] [Thread] [Top] [All Lists]