public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] [OT] RSA Vs DSA keys for SSH authentication
@ 2006-10-09 14:07 Mick
  2006-10-09 15:59 ` [gentoo-user] " Remy Blank
  2006-10-09 21:48 ` [gentoo-user] " Boyd Stephen Smith Jr.
  0 siblings, 2 replies; 7+ messages in thread
From: Mick @ 2006-10-09 14:07 UTC
  To: gentoo-user


Hi All,

I have looked around and have found confusing info regarding which is a better 
key cipher to use for ssh authentication.  Some say that RSA is widely 
considered more secure than DSA.  Some say that it doesn't really matter, as 
long as you use a large enough bits setting in creating your key.  RSA takes 
longer to create but it takes less time to authenticate on the server and DSA 
is the other way around.  Not sure what to believe and I'd rather not be 
guessing which one is best.

What is the recommended/'best practice' approach on creating ssh keys for 
Gentoo users and why?
-- 
Regards,
Mick


* [gentoo-user]  Re: [OT] RSA Vs DSA keys for SSH authentication
  2006-10-09 14:07 [gentoo-user] [OT] RSA Vs DSA keys for SSH authentication Mick
@ 2006-10-09 15:59 ` Remy Blank
  2006-10-09 18:46   ` Mick
  2006-10-09 21:48 ` [gentoo-user] " Boyd Stephen Smith Jr.
  1 sibling, 1 reply; 7+ messages in thread
From: Remy Blank @ 2006-10-09 15:59 UTC
  To: gentoo-user

Mick wrote:
> I have looked around and have found confusing info regarding which is a better 
> key cipher to use for ssh authentication.  Some say that RSA is widely 
> considered more secure than DSA.  Some say that it doesn't really matter, as 
> long as you use a large enough bits setting in creating your key.  RSA takes 
> longer to create but it takes less time to authenticate on the server and DSA 
> is the other way around.  Not sure what to believe and I'd rather not be 
> guessing which one is best.

DSA keys are always 1024 bits, as this is mandated by the standard. RSA
keys can have variable length. From "man ssh-keygen":

  -b bits
    Specifies the number of bits in the key to create.  For RSA keys,
    the minimum size is 768 bits and the default is 2048 bits.
    Generally, 2048 bits is considered sufficient.  DSA keys must be
    exactly 1024 bits as specified by FIPS 186-2.

Another argument in favor of RSA is mentioned in the PuTTY FAQ:

  http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-dsa

Personally, I use RSA keys because I want to use a 2048 bit key length.

-- Remy


Remove underscore and suffix in reply address for a timely response.

-- 
gentoo-user@gentoo.org mailing list
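
[Added example, not part of any poster's message and not code from OpenSSH: a check of the key sizes discussed above, reading the type and bit length out of "type base64 comment" public key lines and comparing them with the 2048 bits the quoted man page calls sufficient. The sample lines are constructed, structurally valid blobs rather than usable keys; the function names and the min_bits parameter are assumptions of this example.]

```python
import base64
import struct

def read_field(blob, off):
    """Read one length-prefixed field (uint32 length + bytes) from a key blob."""
    (length,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def key_bits(line):
    """Return (key_type, bits) for a 'type base64 [comment]' public key line."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    name, off = read_field(blob, 0)
    if name.decode() != key_type:
        raise ValueError("key type does not match blob")
    if key_type == "ssh-rsa":      # fields after the name: e, n
        _, off = read_field(blob, off)
    elif key_type != "ssh-dss":    # ssh-dss fields: p, q, g, y (p comes first)
        raise ValueError("unsupported key type: " + key_type)
    size_field, _ = read_field(blob, off)   # RSA modulus n or DSA prime p
    return key_type, int.from_bytes(size_field, "big").bit_length()

def audit(lines, min_bits=2048):
    """List (type, bits, meets_minimum) per key line; skips blanks and comments."""
    out = []
    for line in lines:
        line = line.strip()
        if line and not line.startswith("#"):
            key_type, bits = key_bits(line)
            out.append((key_type, bits, bits >= min_bits))
    return out

# --- Constructed sample input: structurally valid blobs, NOT usable keys ---
def make_line(key_type, ints, comment):
    blob = struct.pack(">I", len(key_type)) + key_type.encode()
    for x in ints:
        raw = x.to_bytes(x.bit_length() // 8 + 1, "big")  # keeps the value positive
        blob += struct.pack(">I", len(raw)) + raw
    return "%s %s %s" % (key_type, base64.b64encode(blob).decode(), comment)

SAMPLE = [
    make_line("ssh-rsa", [65537, (1 << 2047) | 1], "rsa2048@example"),
    make_line("ssh-rsa", [65537, (1 << 1023) | 1], "rsa1024@example"),
    make_line("ssh-dss", [(1 << 1023) | 1, (1 << 159) | 1, 2, 3], "dsa@example"),
]

if __name__ == "__main__":
    for key_type, bits, ok in audit(SAMPLE):
        print(key_type, bits, "ok" if ok else "below minimum")
```

[Lines carrying an options field before the key type are not handled by this example.]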




* Re: [gentoo-user]  Re: [OT] RSA Vs DSA keys for SSH authentication
  2006-10-09 15:59 ` [gentoo-user] " Remy Blank
@ 2006-10-09 18:46   ` Mick
  0 siblings, 0 replies; 7+ messages in thread
From: Mick @ 2006-10-09 18:46 UTC
  To: gentoo-user


On Monday 09 October 2006 16:59, Remy Blank wrote:

> DSA keys are always 1024 bits, as this is mandated by the standard. RSA
> keys can have variable length. From "man ssh-keygen":
>
>   -b bits
>     Specifies the number of bits in the key to create.  For RSA keys,
>     the minimum size is 768 bits and the default is 2048 bits.
>     Generally, 2048 bits is considered sufficient.  DSA keys must be
>     exactly 1024 bits as specified by FIPS 186-2.
>
> Another argument in favor of RSA is mentioned in the PuTTY FAQ:
>
>   http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-dsa
>
> Personally, I use RSA keys because I want to use a 2048 bit key length.

Blast! I now need to reconsider my whole keying strategy.  :-(

Thank you Remy for a quick and succinct response.

-- 
Regards,
Mick


* Re: [gentoo-user] [OT] RSA Vs DSA keys for SSH authentication
  2006-10-09 14:07 [gentoo-user] [OT] RSA Vs DSA keys for SSH authentication Mick
  2006-10-09 15:59 ` [gentoo-user] " Remy Blank
@ 2006-10-09 21:48 ` Boyd Stephen Smith Jr.
  2006-10-09 22:11   ` Mick
  1 sibling, 1 reply; 7+ messages in thread
From: Boyd Stephen Smith Jr. @ 2006-10-09 21:48 UTC
  To: gentoo-user


On Monday 09 October 2006 09:07, Mick <michaelkintzios@gmail.com> wrote 
about '[gentoo-user] [OT] RSA Vs DSA keys for SSH authentication':
> Some say that RSA is
> widely considered more secure than DSA. 

DSA is mathematically stronger than RSA.  However, that doesn't mean much 
since most attacks don't come from attacking the core of the algorithm 
anyway.

-- 
"If there's one thing we've established over the years,
it's that the vast majority of our users don't have the slightest
clue what's best for them in terms of package stability."
-- Gentoo Developer Ciaran McCreesh


* Re: [gentoo-user] [OT] RSA Vs DSA keys for SSH authentication
  2006-10-09 21:48 ` [gentoo-user] " Boyd Stephen Smith Jr.
@ 2006-10-09 22:11   ` Mick
  2006-10-09 22:51     ` Drew
  0 siblings, 1 reply; 7+ messages in thread
From: Mick @ 2006-10-09 22:11 UTC
  To: gentoo-user


On Monday 09 October 2006 22:48, Boyd Stephen Smith Jr. wrote:
> On Monday 09 October 2006 09:07, Mick <michaelkintzios@gmail.com> wrote
>
> about '[gentoo-user] [OT] RSA Vs DSA keys for SSH authentication':
> > Some say that RSA is
> > widely considered more secure than DSA.
>
> DSA is mathematically stronger than RSA.  However, that doesn't mean much
> since most attacks don't come from attacking the core of the algorithm
> anyway.

Do you mean that an RSA key with twice the number of bits (e.g. 2048 or even 
higher) is still weaker (i.e. easier to crack) than the DSA key?  I know it's 
all psychological, but in my paranoid state it'll make me feel 
better . . .  :))
-- 
Regards,
Mick


* Re: [gentoo-user] [OT] RSA Vs DSA keys for SSH authentication
  2006-10-09 22:11   ` Mick
@ 2006-10-09 22:51     ` Drew
  2006-10-09 23:39       ` Boyd Stephen Smith Jr.
  0 siblings, 1 reply; 7+ messages in thread
From: Drew @ 2006-10-09 22:51 UTC
  To: gentoo-user

> > DSA is mathematically stronger than RSA.  However, that doesn't mean much
> > since most attacks don't come from attacking the core of the algorithm
> > anyway.
>
> Do you mean that an RSA key with twice the number of bits (e.g. 2048 or even
> higher) is still weaker (i.e. easier to crack) than the DSA key?  I know it's
> all psychological, but in my paranoid state it'll make me feel
> better . . .  :))

I think what he means is that for a given key length, 1024 bits in this
case, the DSA key is, mathematically speaking, a stronger key. RSA has
the advantage of allowing longer key lengths, which makes RSA a
stronger key if you use a key length >1024 bits.

But as he also pointed out, most hackers try to find other areas of
weakness to exploit so the key strength becomes moot in that case.


-Andrew Kay

* Re: [gentoo-user] [OT] RSA Vs DSA keys for SSH authentication
  2006-10-09 22:51     ` Drew
@ 2006-10-09 23:39       ` Boyd Stephen Smith Jr.
  0 siblings, 0 replies; 7+ messages in thread
From: Boyd Stephen Smith Jr. @ 2006-10-09 23:39 UTC
  To: gentoo-user


On Monday 09 October 2006 17:51, Drew <drew.kay@gmail.com> wrote about 'Re: 
[gentoo-user] [OT] RSA Vs DSA keys for SSH authentication':
> RSA has
> the advantage of allowing longer key lengths

From what I understand, the DSA algorithm has no particular ties to the 
1024-bit key length (implementations should be easy to modify for a 
different length) but there are no protocols that support using other key 
lengths with DSA as part of their standard.

-- 
"If there's one thing we've established over the years,
it's that the vast majority of our users don't have the slightest
clue what's best for them in terms of package stability."
-- Gentoo Developer Ciaran McCreesh
