upstream: Expand comment to document rationale for default key

sizes. "seems worthwhile" deraadt. OpenBSD-Commit-ID: 72e5c0983d7da1fb72f191870f36cb58263a2456
2019-03-25 16:19:44 +00:00 · 2019-03-25 16:19:44 +00:00 · 26e0cef07b
parent f47269ea67
commit 26e0cef07b
1 changed files with 10 additions and 3 deletions
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.328 2019/03/25 15:49:00 dtucker Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.329 2019/03/25 16:19:44 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -68,8 +68,15 @@
 #endif

 /*
- * Default number of bits in the RSA/DSA key.  This value can be overridden
- * on the command line.
+ * Default number of bits in the RSA, DSA and ECDSA keys.  These value can be
+ * overridden on the command line.
+ *
+ * These values, with the exception of DSA, provide security equivalent to at
+ * least 128 bits of security according to NIST Special Publication 800-57:
+ * Recommendation for Key Management Part 1 rev 4 section 5.6.1.
+ * For DSA it (and FIPS-186-4 section 4.2) specifies that the only size for
+ * which a 160bit hash is acceptable is 1kbit, and since ssh-dss specifies only
+ * SHA1 we limit the DSA key size 1k bits.
 */
 #define DEFAULT_BITS		3072
 #define DEFAULT_BITS_DSA	1024