Home ยป OpenSSH Announcement: Complete Dissolution of DSA Key Code Unveiled for the Onset of 2025.

OpenSSH Announcement: Complete Dissolution of DSA Key Code Unveiled for the Onset of 2025.

OpenSSH, a remote control software, has announced guidelines to discontinue support for DSA (Digital Signature Algorithm) login keys. DSA keys have been used by OpenSSH since its inception in 1999, or 24 years ago. The entire code will be removed by early 2025.

DSA was disabled by default in OpenSSH 7.0, released in 2015. In March, OpenSSH will add a compile time option for distributions to choose a version without DSA code. By mid-2021, this option will be set as the default. Finally, in the first version of 2025, this code will be completely removed.

DSA is a public/private key digital signature process that has been a NIST standard since 1991. It was designed by NSA with a key size of 160 bits. However, due to the use of SHA1 hashing, the overall strength is less than 80 bits, making it susceptible to key forgery.

OpenSSH has defaulted to creating RSA keys for a long time and recently changed the default to Ed25519. Removing this code is unlikely to impact many users, except for those with very old servers.

TLDR: OpenSSH announces the phased removal of support for DSA keys, with the complete removal scheduled for the first version of 2025. This change is expected to have minimal impact on most users.

More Reading

Post navigation

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

SecureShell Vulnerability Patch Revealed Ahead of RHEL by AlmaLinux

OpenSSH is preparing to change the default key generation process from RSA to Ed25519

Enhanced Security Measures: OpenSSH Unveils Version 9.5 Incorporating Ed25519 Keys and Time Lock Feature