On 01/27/2011 01:39 AM, Nico Kadel-Garcia wrote:
> Also, there's a stack of reasons that DSA is preferred to RSA for SSH
> keys these days. When you generate your private keys, use "ssh-keygen
> -t dsa", not rsa.
Care to elaborate on that? Searching, I find mostly a "stack of reasons"
for preferring RSA now that its patent has expired, e.g.:
* DSA is critically dependent on the quality of your random number
generator. Each DSA signature requires a secret random number. If
you use the same number twice, or if your weak random number generator
allows someone to figure it out, the entire secret key is exposed.
* DSA keys are exactly 1024 bits, which is quite possibly inadequate
today. RSA keys default to 2048 bits, and can be up to 4096 bits.
Reasons for preferring DSA for signatures are less compelling:
* RSA can also be used for encryption, making it possible for misguided
users to employ the same key for both signing and encryption.
* While RSA and DSA with the same key length are believed to be just
about identical in difficulty to crack, a mathematical solution for
the DSA discrete logarithm problem would imply a solution for the
RSA factoring problem, whereas the reverse is not true. (A solution
for either problem would be HUGE news in the crypto world.)
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.