Re: Fwd: ssh-keygen
On Tuesday 19 August 2008 15:22:37 Jeff Soules wrote:
> On Tue, Aug 19, 2008 at 6:12 AM, Chris Davies <chris-usenet@roaima.co.uk>
wrote:
> > ssh-keygen -t rsa # Does anyone know whether dsa or rsa is better?
>
> I had understood that RSA is cryptographically superior to DSA, at
> least unless the DSA implementation is done very carefully (or so says
> the PuTTY website). http://neubia.com/archives/000191.html confirms
> that security claim, and shows that DSA is faster for key generation
> (100x) and signing (4x), while RSA is around 3x faster for key
> verification.
I am not an expert, however over the years I have gathered the following
information (someone who knows better please correct me):
1. RSA is a really good algorithm.
2. Seems like a lot of people used to use DSA while the RSA algorithm was
patented. Now that the RSA is in the public domain (and the patent expired
anyway), there's no reason not to use it (that I'm aware of).
3. Various OS implementations of ssh-keygen (on Mac OS X and SuSE Linux, for
example) will no longer allow you to create large DSA keys. The reason for
this is that some US government agency (I think it was NIST?) has specified
1024 as the "official" keylength.
4. The O'Reilly ssh book (which I don't have with me right now, so I can't
verify this) made some statements that indicated the DSA was originally
designed for signing, not encryption (as its name indicates). I'm not sure
about the fine details. It seemed (to me) to indicate that DSA was weaker.
5. The same O'Reilly book also claims that DSA was designed for NIST by the
NSA (other sources read "a former NSA employee"). It claims - without
reference or sources - that "subliminal channels" have been detected in DSA.
Again it seemed to be indicating that this was something to be concerned
about - I'm sure you can understand the implications.
Based on all of the above information, I have decided I don't want to use DSA
keys.
JW
Reply to: