[Botan-devel] DSA p-bits check

Jack Lloyd lloyd at randombit.net
Fri May 28 09:57:12 EDT 2010


On Fri, May 28, 2010 at 03:43:10PM +0200, Rickard Bellgrim wrote:
> Hi
> 
> Shouldn't line 75 in dl_group.cpp be like this:
> 
> qbits = qbits ? qbits : ((pbits <= 1024) ? 160 : 256);
> 
> and not
> 
> qbits = qbits ? qbits : ((pbits == 1024) ? 160 : 256);
> 
> Otherwise you cannot use pbits = 512 or 768, because fips186_3_valid_size() will return false.

Yes you're right. Fixed.

In the meantime, you can work around this by explicitly specifying
qbits to be the right size.

(Also I can't say using 768 bit DSA keys is a very good idea anymore)

-Jack



More information about the botan-devel mailing list