The minimum key length recommended for RSA at the specified URL is 768. This is an enhancement request to raise the minimum level of key length from 512 to 768 in ssh-keygen. I will attach the patch for this enhancement
Created attachment 1031 [details] Patch to update the minimum keylength bits to 1024 I received an input from Tom, the author of libtomcrypt (http://libtomcrypt.org/) that minimum recommended key length is 1024 in general. So the patch is modified from the description of enhancement request #1, so that it checks for atleast 1024 bits.
As a compromise we increased the minimum RSA key size to 768 bits so it's still usable on older/slower machines. We have also enforced a DSA key size of exactly 1024 bits since that's apparently what FIPS 186-2 specifies (and the SSH protocol specs reference that for the DSA definition). Thanks.
Well the FIPS may specify 1024 bits for DSA but is there any reason besides the FIPS why larger DSA keys should not be used? Are they less secure (probably not). Maybe issuing a warning instead of fatal() would be much more appropriate.
(In reply to comment #3) > Well the FIPS may specify 1024 bits for DSA but is there any reason besides the > FIPS why larger DSA keys should not be used? Are they less secure (probably > not). They're not less secure, but they're apparently not (much?) more secure. The security is apparently limited by the 160 bit subgroup that's part of the public key, and the use of SHA1 (again, 160 bits). So there's no real security gain, and the larger keys can confuse other implementations which do adhere strictly to the spec. If you want big keys, use RSA.
Change all RESOLVED bug to CLOSED with the exception of the ones fixed post-4.4.