[CentOS] SSH Automatic Log-on Failure - Centos 5.5

Thu Jan 27 16:15:24 UTC 2011
Robert Nichols <rnicholsNOSPAM at comcast.net>

On 01/27/2011 01:39 AM, Nico Kadel-Garcia wrote:

> Also, there's a stack of reasons that DSA is preferred to RSA for SSH
> keys these days. When you generate your private keys, use "ssh-keygen
> -t dsa", not rsa.

Care to elaborate on that?  Searching, I find mostly a "stack of reasons"
for preferring RSA now that its patent has expired, e.g.:

  * DSA is critically dependent on the quality of your random number
    generator.  Each DSA signature requires a secret random number.  If
    you use the same number twice, or if your weak random number generator
    allows someone to figure it out, the entire secret key is exposed.

  * DSA keys are exactly 1024 bits, which is quite possibly inadequate
    today.  RSA keys default to 2048 bits, and can be up to 4096 bits.

Reasons for preferring DSA for signatures are less compelling:

  * RSA can also be used for encryption, making it possible for misguided
    users to employ the same key for both signing and encryption.

  * While RSA and DSA with the same key length are believed to be just
    about identical in difficulty to crack, a mathematical solution for
    the DSA discrete logarithm problem would imply a solution for the
    RSA factoring problem, whereas the reverse is not true.  (A solution
    for either problem would be HUGE news in the crypto world.)

Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.