Page MenuHomePhabricator

libssh supports non-standard DSA key of sizes different than 1k
Open, LowPublic


The DSA support in SSH Protocol is defined in RFC4253 [1] with a reference to outdated FIPS-186-2 [2], which defines only key up to the 1024 b modulus. OpenSSH does not allow to generate any other than 1k keys, but might be possible to interoperate with different keys, since they are implemented in OpenSSL.

It would be useful to check interoperability with these non-standard key sizes against OpenSSL or other implementation, if we want to ship them in the next release.

This is not very important, but something I noticed during review of a code.