Re: SSH keys: RSA vs DSA

From: David Goodenough (david.goodenough@btconnect.com)
Date: 06/29/02


John Thompson wrote:

> In article <3D1B0463.58BD4A47@daimi.au.dk>, Kasper Dupont wrote:
>
>> Ssh protocol version 2 can use RSA as well as DSA keys.
>> What are the advantages and disadvantages of each type
>> of key?
>
> DSA is an old and fairly weak encryption, supported mostly for
> backwards-compatibility with apps that expect to be able to use it.
>
> Use RSA if you have a choice.
>

DSA is the Digital Signature Algorithm, and only does signatures, not
encryption. RSA can do both signatures and encryption. It is however
true that DSA keys can be used with some elliptic curve encryption
algorithms to encrypt. Using different keys for encryption and signing
(for certificates and the like) has considerable cryptographic merit,
and while you can use separate keys with RSA, the temptation to use the
same one is frequently overwhelming, especially to those who do not
understand why they should not.

According to Bruce Schneier both DSA and RSA with the same length keys
are just about identical in difficulty to crack. Use the key for
encryption as well as signing and breaking the key gets much easier
simply because there is more data to work with.

SSH uses either DSA or RSA for signing, not encryption, so actually
it makes little difference which you use. As mentioned elsewhere in
this thread US encryption export laws used to mean that DSA was
preferable as it was only for signing and could not be used for
encryption and therefore was allowed to be exported. Following
on from Sept 11 this kind of regulation could come back although
enforcing it would be even harder than it was when implementations
were produced outside the US before the regulations were relaxed.
RSA used to be covered by patent, but that has now lapsed, which
also was a US only problem.

David
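
The point made above, that an SSH user key only ever produces a signature over a challenge and that RSA alone can additionally encrypt, as an added example that is not part of the original post. It uses the Python `cryptography` package (an assumption; the thread names no library), signs a constructed stand-in for the session data an SSH client signs during publickey authentication, and checks that the DSA public key simply has no encryption operation while the RSA one does. The RSA signature uses PKCS#1 v1.5 with SHA-256, which is what the `rsa-sha2-256` SSH method uses; the byte layout of the real SSH authentication request is not reproduced here.

```python
"""RSA vs DSA as SSH-style keys: both sign a challenge, only RSA can encrypt.

Added example using the `cryptography` package; not code from the original
thread. The challenge bytes below are constructed for illustration.
"""
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import dsa, padding, rsa

# Constructed stand-in for what an SSH client signs in publickey auth:
# the session identifier followed by the authentication request fields.
# (Illustrative only; the real wire encoding is length-prefixed strings.)
CHALLENGE = b"session-id:0123456789abcdef|user:david|service:ssh-connection"


def generate_keys():
    """Return (rsa_private_key, dsa_private_key) of comparable size."""
    rsa_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    dsa_key = dsa.generate_private_key(key_size=2048)
    return rsa_key, dsa_key


def sign_challenge(private_key, challenge):
    """Sign the challenge. Both key types support this operation."""
    if isinstance(private_key, rsa.RSAPrivateKey):
        # rsa-sha2-256 in SSH is RSASSA-PKCS1-v1_5 over SHA-256.
        return private_key.sign(challenge, padding.PKCS1v15(), hashes.SHA256())
    # DSA signatures are DER-encoded (r, s); ssh-dss used SHA-1 with
    # 1024-bit keys, SHA-256 is used here for the modern key size.
    return private_key.sign(challenge, hashes.SHA256())


def verify_challenge(public_key, challenge, signature):
    """Return True if the signature is valid for this challenge."""
    try:
        if isinstance(public_key, rsa.RSAPublicKey):
            public_key.verify(signature, challenge, padding.PKCS1v15(), hashes.SHA256())
        else:
            public_key.verify(signature, challenge, hashes.SHA256())
        return True
    except InvalidSignature:
        return False


def can_encrypt(public_key):
    """DSA public keys expose no encryption operation at all; RSA keys do."""
    return hasattr(public_key, "encrypt")


def rsa_roundtrip(rsa_private_key, message):
    """Encrypt with the RSA public half and decrypt with the private half."""
    oaep = padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None,
    )
    ciphertext = rsa_private_key.public_key().encrypt(message, oaep)
    return rsa_private_key.decrypt(ciphertext, oaep)


if __name__ == "__main__":
    rsa_key, dsa_key = generate_keys()
    for name, key in (("RSA", rsa_key), ("DSA", dsa_key)):
        sig = sign_challenge(key, CHALLENGE)
        ok = verify_challenge(key.public_key(), CHALLENGE, sig)
        tampered = verify_challenge(key.public_key(), CHALLENGE + b"x", sig)
        print(f"{name}: signature valid={ok}, tampered valid={tampered}, "
              f"can encrypt={can_encrypt(key.public_key())}")
    print("RSA encrypt/decrypt:", rsa_roundtrip(rsa_key, b"not what ssh does"))
```

The same private key object that signs the challenge is what `ssh-add` would hold; the encryption of the actual session is done by a symmetric cipher keyed from the Diffie-Hellman exchange, not by either public key. Note that OpenSSH disabled `ssh-dss` keys by default in version 7.0, so on current systems the choice the thread discusses is effectively made for you.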
