[CentOS] SSH Automatic Log-on Failure - Centos 5.5

Thu Jan 27 22:50:04 UTC 2011
Dr. Ed Morbius <dredmorbius at gmail.com>

on 10:15 Thu 27 Jan, Robert Nichols (rnicholsNOSPAM at comcast.net) wrote:
> On 01/27/2011 01:39 AM, Nico Kadel-Garcia wrote:
> > Also, there's a stack of reasons that DSA is preferred to RSA for SSH
> > keys these days. When you generate your private keys, use "ssh-keygen
> > -t dsa", not rsa.
> Care to elaborate on that?  Searching, I find mostly a "stack of reasons"
> for preferring RSA now that its patent has expired, e.g.:
>   * DSA is critically dependent on the quality of your random number
>     generator.  Each DSA signature requires a secret random number.  If
>     you use the same number twice, or if your weak random number generator
>     allows someone to figure it out, the entire secret key is exposed.
>   * DSA keys are exactly 1024 bits, which is quite possibly inadequate
>     today.  RSA keys default to 2048 bits, and can be up to 4096 bits.
> Reasons for preferring DSA for signatures are less compelling:
>   * RSA can also be used for encryption, making it possible for misguided
>     users to employ the same key for both signing and encryption.
>   * While RSA and DSA with the same key length are believed to be just
>     about identical in difficulty to crack, a mathematical solution for
>     the DSA discrete logarithm problem would imply a solution for the
>     RSA factoring problem, whereas the reverse is not true.  (A solution
>     for either problem would be HUGE news in the crypto world.)

The main argument against RSA keys was the RSA patent.

It's expired.


Dr. Ed Morbius
Chief Scientist
Krell Power Systems Unlimited
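
Added example, not part of the original thread: a Python sketch of the quoted point that a repeated per-signature DSA secret exposes the private key. It audits a signature log for a repeated r value and shows that the key follows from such a pair. The toy group parameters, function names, messages and key are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Toy DSA domain parameters (constructed for this demo, far too small for real use).
Q = 2**61 - 1                      # subgroup order, a known Mersenne prime

def _find_group():
    # Search p = j*Q + 1 that passes a base-2 Fermat test, with g = 2^j mod p != 1.
    # Then g^Q = 2^(p-1) = 1 (mod p), so g has order exactly Q.
    for j in range(2, 10**6, 2):
        p = j * Q + 1
        if pow(2, p - 1, p) == 1 and pow(2, j, p) != 1:
            return p, pow(2, j, p)
    raise RuntimeError("no parameters found")

P, G = _find_group()

def digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def sign(x: int, k: int, msg: bytes):
    """Textbook DSA: r = (g^k mod p) mod q, s = k^-1 * (H(m) + x*r) mod q."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
    return r, s

def find_reused_nonces(signed):
    """Audit (msg, r, s) records from one key: a repeated r means a repeated k."""
    by_r = defaultdict(list)
    for msg, r, s in signed:
        by_r[r].append((msg, s))
    return {r: v for r, v in by_r.items() if len(v) > 1}

def key_from_reuse(r, pair):
    """Why a hit is fatal: two signatures give two equations in two unknowns (k, x)."""
    (m1, s1), (m2, s2) = pair[:2]
    k = (digest(m1) - digest(m2)) * pow((s1 - s2) % Q, -1, Q) % Q
    return (s1 * k - digest(m1)) * pow(r, -1, Q) % Q

# Constructed sample: a signer whose random number generator repeated k once.
X = 123456789123456789             # private key (constructed)
LOG = [(m, *sign(X, k, m)) for m, k in
       [(b"login alice", 1111), (b"login bob", 987654321), (b"login carol", 1111)]]

if __name__ == "__main__":
    for r, pair in find_reused_nonces(LOG).items():
        print("k reused for", [m for m, _ in pair],
              "| key recoverable:", key_from_reuse(r, pair) == X)
```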