Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Drop DSA #1558

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Drop DSA #1558

wants to merge 1 commit into from

Conversation

Rob-Hague
Copy link
Collaborator

DSA is removed at compile time from OpenSSH 9.8 and higher. That means we can no longer test it in our integration tests (#1553). It seems like a good time to remove it. From the OpenSSH release notes:

DSA, as specified in the SSHv2 protocol, is inherently weak - being
limited to a 160 bit private key and use of the SHA1 digest. Its
estimated security level is only 80 bits symmetric equivalent.

OpenSSH has disabled DSA keys by default since 2015 but has retained
run-time optional support for them. DSA was the only mandatory-to-
implement algorithm in the SSHv2 RFCs, mostly because alternative
algorithms were encumbered by patents when the SSHv2 protocol was
specified.

This has not been the case for decades at this point and better
algorithms are well supported by all actively-maintained SSH
implementations. We do not consider the costs of maintaining DSA
in OpenSSH to be justified and hope that removing it from OpenSSH
can accelerate its wider deprecation in supporting cryptography
libraries.

DSA is removed at compile time from OpenSSH 9.8 and higher.
That means we can no longer test it in our integration tests. It seems like a
good time to remove it. From the OpenSSH release notes:

    DSA, as specified in the SSHv2 protocol, is inherently weak - being
    limited to a 160 bit private key and use of the SHA1 digest. Its
    estimated security level is only 80 bits symmetric equivalent.

    OpenSSH has disabled DSA keys by default since 2015 but has retained
    run-time optional support for them. DSA was the only mandatory-to-
    implement algorithm in the SSHv2 RFCs, mostly because alternative
    algorithms were encumbered by patents when the SSHv2 protocol was
    specified.

    This has not been the case for decades at this point and better
    algorithms are well supported by all actively-maintained SSH
    implementations. We do not consider the costs of maintaining DSA
    in OpenSSH to be justified and hope that removing it from OpenSSH
    can accelerate its wider deprecation in supporting cryptography
    libraries.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant