SSH Agent keys >4096 bit?

Milo gnupg at oneiroi.net
Sat May 5 20:27:10 CEST 2012


On 05/05/2012 08:03 PM, Peter Lebbing wrote:
> On 05/05/12 15:49, Hubert Kario wrote:
>> As far as I know, OpenSSH uses DH parameters of the same size as
>> the RSA keys: for 8k DH you need 8k RSA or (which is
>> unmaintainable) manually force use of 8k DH.
> 
> Okay, going out on a limb here, since all that I say is
> conjecture. Actually consulting the SSH RFCs seems like too much
> work, or seems too much like work :).
> 
> I think it's rather the case that the size of the DH parameters is 
> proportional to the keysize of the symmetric algorithm used to
> secure the SSH session, because the DH params are used to compute
> the session key. So you are right that the DH params are
> proportional in size to a key used, but you've confused the keys,
> asymmetric vs symmetric. That way it makes sense to me.
> 
> If I look at the debug messages emitted by the OpenSSH client, I'm
> under the impression that key exchange is already completed before 
> authentication with RSA starts.

Hm, shouldn't authentication happen before exchanging the key for
the symmetric part of encryption during the SSH session?

> Peter.
> 

-- 
Regards,
Milo


