[CentOS] SSH Automatic Log-on Failure - Centos 5.5
Dr. Ed Morbius
dredmorbius at gmail.com
Thu Jan 27 22:50:04 UTC 2011
on 10:15 Thu 27 Jan, Robert Nichols (rnicholsNOSPAM at comcast.net) wrote:
> On 01/27/2011 01:39 AM, Nico Kadel-Garcia wrote:
>
> > Also, there's a stack of reasons that DSA is preferred to RSA for SSH
> > keys these days. When you generate your private keys, use "ssh-keygen
> > -t dsa", not rsa.
>
> Care to elaborate on that? Searching, I find mostly a "stack of reasons"
> for preferring RSA now that its patent has expired, e.g.:
>
> * DSA is critically dependent on the quality of your random number
> generator. Each DSA signature requires a secret random number. If
> you use the same number twice, or if your weak random number generator
> allows someone to figure it out, the entire secret key is exposed.
>
> * DSA keys are exactly 1024 bits, which is quite possibly inadequate
> today. RSA keys default to 2048 bits, and can be up to 4096 bits.
>
> Reasons for preferring DSA for signatures are less compelling:
>
> * RSA can also be used for encryption, making it possible for misguided
> users to employ the same key for both signing and encryption.
>
> * While RSA and DSA with the same key length are believed to be just
> about identical in difficulty to crack, a mathematical solution for
> the DSA discrete logarithm problem would imply a solution for the
> RSA factoring problem, whereas the reverse is not true. (A solution
> for either problem would be HUGE news in the crypto world.)

The main argument against RSA keys was the RSA patent.
It's expired.
Go RSA.
--
Dr. Ed Morbius
Chief Scientist
Krell Power Systems Unlimited
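
The random-number dependence named in the first quoted bullet, worked through as an added example that is not part of the thread: two DSA signatures made with the same secret number share the same r, and the two signing equations then solve for the private key, while a per-message derived number avoids the repeat. The parameters, key, messages and function names are constructed for illustration, and derived_k is a simplified stand-in for RFC 6979, not that RFC's algorithm.

```python
import hashlib
import hmac
from itertools import count

# Constructed toy parameters, far too small for real use.
Q = 2**61 - 1  # a Mersenne prime, used as the subgroup order
# Smallest P = k*Q + 1 that passes a base-2 Fermat test (adequate for a demo).
P = next(k * Q + 1 for k in count(2, 2) if pow(2, k * Q, k * Q + 1) == 1)
G = pow(2, (P - 1) // Q, P)  # element of order Q modulo P

def digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def sign(x, msg, k):
    """DSA signature (r, s) with private key x and per-signature secret k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
    return r, s

def verify(y, msg, sig):
    r, s = sig
    w = pow(s, -1, Q)
    return pow(G, digest(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def key_from_reused_k(m1, sig1, m2, sig2):
    """Solve the two signing equations that share k for the private key x."""
    (r, s1), (_, s2) = sig1, sig2
    k = (digest(m1) - digest(m2)) * pow((s1 - s2) % Q, -1, Q) % Q
    return (s1 * k - digest(m1)) * pow(r, -1, Q) % Q

def derived_k(x, msg):
    """Per-message k from HMAC(x, H(msg)); simplified stand-in for RFC 6979."""
    mac = hmac.new(x.to_bytes(8, "big"), hashlib.sha256(msg).digest(), "sha256")
    return int.from_bytes(mac.digest(), "big") % (Q - 1) + 1

X = 0x1D5AC0FFEE123457 % Q  # constructed private key
Y = pow(G, X, P)            # matching public key
M1, M2 = b"constructed message one", b"constructed message two"

def demo():
    bad1, bad2 = sign(X, M1, 123456789), sign(X, M2, 123456789)  # same k twice
    ok1, ok2 = sign(X, M1, derived_k(X, M1)), sign(X, M2, derived_k(X, M2))
    sigs = [(M1, bad1), (M2, bad2), (M1, ok1), (M2, ok2)]
    return {"valid": all(verify(Y, m, s) for m, s in sigs),
            "same_r_when_reused": bad1[0] == bad2[0],
            "recovered_x": key_from_reused_k(M1, bad1, M2, bad2),
            "same_r_when_derived": ok1[0] == ok2[0]}

if __name__ == "__main__":
    print(demo())
```

A repeated r across signatures from one key is the observable sign of the reuse, which makes it something an audit of stored signatures can check for.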