Article 6HRYA DSA removal from OpenSSH

DSA removal from OpenSSH

by
from OpenBSD Journal on (#6HRYA)

The OpenSSH projecthasannouncedthe timeline for the removal ofDSA support from OpenSSH:

[...]OpenSSH plans to remove support for DSA keys in the near future. Thismessage describes our rationale, process and proposed timeline.Rationale---------DSA, as specified in the SSHv2 protocol, is inherently weak - beinglimited to a 160 bit private key and use of the SHA1 digest. Itsestimated security level is <=80 bits symmetric equivalent[1][2].OpenSSH has disabled DSA keys by default since 2015 but has retainedoptional support for them. DSA is the only mandatory-to-implementalgorithm in the SSHv2 RFCs[3], mostly because alternative algorithmswere encumbered by patents when the SSHv2 protocol was designed andspecified.[...]In summary:2024/01 - this announcement2024/03 (estimated) - DSA compile-time optional, enabled by default2024/06 (estimated) - DSA compile-time optional, *disabled* by default2025/01 (estimated) - DSA is removed from OpenSSH

Please read theannouncement messagefor full details.

External Content
Source RSS or Atom Feed
Feed Location http://undeadly.org/cgi?action=rss
Feed Title OpenBSD Journal
Feed Link http://undeadly.org/
Reply 0 comments