On 01/27/2011 01:39 AM, Nico Kadel-Garcia wrote:
Also, there's a stack of reasons that DSA is preferred to RSA for SSH keys these days. When you generate your private keys, use "ssh-keygen -t dsa", not rsa.
Care to elaborate on that? Searching, I find mostly a "stack of reasons" for preferring RSA now that its patent has expired, e.g.:
* DSA is critically dependent on the quality of your random number generator. Each DSA signature requires a secret random number. If you use the same number twice, or if your weak random number generator allows someone to figure it out, the entire secret key is exposed.
* DSA keys are exactly 1024 bits, which is quite possibly inadequate today. RSA keys default to 2048 bits, and can be up to 4096 bits.
Reasons for preferring DSA for signatures are less compelling:
* RSA can also be used for encryption, making it possible for misguided users to employ the same key for both signing and encryption.
* While RSA and DSA with the same key length are believed to be just about identical in difficulty to crack, a mathematical solution for the DSA discrete logarithm problem would imply a solution for the RSA factoring problem, whereas the reverse is not true. (A solution for either problem would be HUGE news in the crypto world.)