on 10:15 Thu 27 Jan, Robert Nichols (rnicholsNOSPAM at comcast.net) wrote:
> On 01/27/2011 01:39 AM, Nico Kadel-Garcia wrote:
>
> > Also, there's a stack of reasons that DSA is preferred to RSA for SSH
> > keys these days. When you generate your private keys, use "ssh-keygen
> > -t dsa", not rsa.
>
> Care to elaborate on that? Searching, I find mostly a "stack of reasons"
> for preferring RSA now that its patent has expired, e.g.:
>
> * DSA is critically dependent on the quality of your random number
>   generator. Each DSA signature requires a secret random number. If
>   you use the same number twice, or if your weak random number generator
>   allows someone to figure it out, the entire secret key is exposed.
>
> * DSA keys are exactly 1024 bits, which is quite possibly inadequate
>   today. RSA keys default to 2048 bits, and can be up to 4096 bits.
>
> Reasons for preferring DSA for signatures are less compelling:
>
> * RSA can also be used for encryption, making it possible for misguided
>   users to employ the same key for both signing and encryption.
>
> * While RSA and DSA with the same key length are believed to be just
>   about identical in difficulty to crack, a mathematical solution for
>   the DSA discrete logarithm problem would imply a solution for the
>   RSA factoring problem, whereas the reverse is not true. (A solution
>   for either problem would be HUGE news in the crypto world.)

The main argument against RSA keys was the RSA patent. It's expired.

Go RSA.

-- 
Dr. Ed Morbius
Chief Scientist
Krell Power Systems Unlimited
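Robert Nichols's first point, that a repeated DSA nonce exposes the whole secret key, is worth seeing on actual numbers. The following is an added illustration, not code from anyone in this thread: a toy DSA with constructed 11-bit parameters (P, Q, G below are the assumptions), a signer that reuses its per-signature random number k, and the algebra that turns two such signatures back into the private key x. The same math is why ssh-agent and any DSA signer must never repeat k, and why RNG quality matters more for DSA than for RSA.

```python
import hashlib
import secrets
# Constructed toy DSA group (real DSA uses a 2048-bit p): q divides p - 1 and
# g = 2^((p-1)/q) mod p generates the order-q subgroup (g != 1 here).
P, Q = 2039, 1019
G = pow(2, (P - 1) // Q, P)
def hash_mod_q(msg):
    # SHA-256 reduced into Z_q; toy stand-in for the standard truncation
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1        # private key in [1, q-1]
    return x, pow(G, x, P)                  # (private x, public y)

def sign(x, msg, k):
    # Standard DSA; k is the per-signature secret nonce the thread refers to.
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (hash_mod_q(msg) + x * r)) % Q
    return (r, s) if r and s else None      # None: caller must retry with a fresh k

def verify(y, msg, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = (hash_mod_q(msg) * w) % Q, (r * w) % Q
    return (pow(G, u1, P) * pow(y, u2, P) % P) % Q == r

def recover_private_key(msg1, sig1, msg2, sig2):
    # Equal r means equal k. From s1 - s2 = k^-1 (h1 - h2) solve k, then
    # from s1 = k^-1 (h1 + x r) solve x. Returns None if not solvable.
    (r1, s1), (r2, s2) = sig1, sig2
    h1, h2 = hash_mod_q(msg1), hash_mod_q(msg2)
    if r1 != r2 or (s1 - s2) % Q == 0:
        return None
    k = ((h1 - h2) * pow((s1 - s2) % Q, -1, Q)) % Q
    return ((s1 * k - h1) * pow(r1, -1, Q)) % Q

def demo():
    # Sign two distinct messages with one reused k and check that x leaks.
    x, y = keygen()
    m1 = b"release-1.0.tar.gz"                      # constructed sample messages
    m2 = next(m for m in (b"release-1.%d.tar.gz" % i for i in range(1, 200))
              if hash_mod_q(m) != hash_mod_q(m1))   # need h1 != h2 mod q
    sig1 = sig2 = None
    while sig1 is None or sig2 is None:
        k = secrets.randbelow(Q - 1) + 1            # a weak RNG might hand this out twice
        sig1, sig2 = sign(x, m1, k), sign(x, m2, k)
    assert verify(y, m1, sig1) and verify(y, m2, sig2)
    return recover_private_key(m1, sig1, m2, sig2) == x
```

With distinct nonces the two r values differ and recover_private_key returns None; the leak needs nothing but two valid signatures and the public parameters, which is the point Robert is making.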