On Thu, May 15, 2008 at 08:09:12AM +1000, Ben Finney wrote:
Roland Mas <firstname.lastname@example.org> writes:- Keys submitted through the web interface are now filtered, and only RSA keys end up in your authorized_keys file. Don't even try putting DSA keys in your authorized_keys2 file, the use of that file has been disabled (and it'll be deleted anyway).Could you explain the rationale for this? My impression was that DSA was recommended over RSA.
It used to be that RSA was patented in the United States, and so only DSA, DH, or ElGamal algorithms were appropriate for use in main. Another reason DSA may be preferred is that it produces smaller signatures than RSA. The reason DSA is preferred over RSA for GnuPG keys is because (AIUI) the keyring maintainers no longer accept v3 keys, but only v4, which for a while meant that DSA was the only option. (GnuPG now generates v4 RSA keys as well.) Still another reason DSA may be preferred over RSA is that it is conjectured that solving the hard problem underlying DSA (the Diffie-Hellman Problem) is as difficult as computing discrete logarithms (the Discrete Logarithm Problem), while the underlying hard problem for RSA (the RSA Problem) is conjectured to be as difficult as the Factoring Problem. If one can solve the Discrete Logarithm Problem, then one can factor, but the reverse is not true. Thus, it is conjectured that DSA is based on a harder problem than RSA. There are reasons not to prefer DSA. It has a short key size, usually limited to 1024 bits, which is not enough for continued security. Because all signatures are made in the field of q, a 160-bit prime, thus making them no longer than 160 bits, brute-forcing the algorithm is easier than with RSA. Also, DSA absolutely requires a good random number generator for every signature. If the nonce is not chosen randomly, it will leak bits of the key. This is true for all discrete logarithm algorithms. Therefore, anyone who had a DSA key has had it compromised, and RSA is just as good a choice for a new key. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Description: Digital signature