DSA & Symmetric Keys
From: Italy Anonymous Remailer (nobody_at_See.Comments.Header)
Date: 14 Jan 2005 13:48:40 -0000
Please could someone clarify something for me in simple terms, since I'm
not too knowing about the mathematical side of things..
In basic terms.. RSA can be used to sign and also to encrypt and I'm told
that DSA is a signing only algorithm.
Presumably when an ssh connection is made the client and the server
somehow 'handshake' to decide on a cipher and a session key. The cipher
doesn't have to be kept hidden, but the key does..
So.. if the server is using a DSA key to identify itsself.. and the client
is using a DSA key to authenticate.. and DSA is a signature only
algorithm.. how is the key transferred from one side to the other, and
which way is it transferred?
The reason I ask is that I would like to increase the security of the
connection. I use aes256 as the cipher (configured in the config files
without a problem, and verified using ssh -v) and using 1024 bit keys is
not a comparable strength for the assymetric algorithm. I like to use DSA
rather than RSA, and both the host key and my user's public key are DSA.
This leads me to wonder how a symmetric key can be agreed on when both
sides can only sign data to each other, and not encrypt it.
Am I understanding the limitations of DSA incorrectly? or maybe
Diffie-Hellman does not require data to be encrypted at all.
Please excuse my poor english, and thankyou to anyone who replies to this.
P.S - I would like to use at least 4096 bit keylength, and I have this
size key on the server with a 2048 bit key on the client. Is the symmetric
key protected by the 4096 bit key on the server, or the 2048 bit key on