From d9cc8b99c416bd659e82479ef50c9fb056b5ac32 Mon Sep 17 00:00:00 2001 From: dtucker Date: Mon, 25 Mar 2019 16:19:44 +0000 Subject: Expand comment to document rationale for default key sizes. "seems worthwhile" deraadt. --- usr.bin/ssh/ssh-keygen.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'usr.bin/ssh/ssh-keygen.c') diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index fdc074d30ef..b0b1610d22f 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.328 2019/03/25 15:49:00 dtucker Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.329 2019/03/25 16:19:44 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -61,8 +61,15 @@ #endif /* - * Default number of bits in the RSA/DSA key. This value can be overridden - * on the command line. + * Default number of bits in the RSA, DSA and ECDSA keys. These value can be + * overridden on the command line. + * + * These values, with the exception of DSA, provide security equivalent to at + * least 128 bits of security according to NIST Special Publication 800-57: + * Recommendation for Key Management Part 1 rev 4 section 5.6.1. + * For DSA it (and FIPS-186-4 section 4.2) specifies that the only size for + * which a 160bit hash is acceptable is 1kbit, and since ssh-dss specifies only + * SHA1 we limit the DSA key size 1k bits. */ #define DEFAULT_BITS 3072 #define DEFAULT_BITS_DSA 1024 -- cgit v1.2.3-59-g8ed1b