10-28-2005 #1
 Join Date
 Jun 2005
 Location
 Canada, Halifax
 Posts
 86
OpenSSH user/host authentication: RSA versus DSA which provides stronger security?
The prevailing opinion on the web seems to be that DSA is included for historical reasons and that RSA is more secure, however I'm not entirely convinced based on the following empirical observations: a 4096 bit RSA public key is about 712 bytes long and on my 2 GHz Sempron machine takes fifteen seconds to produce, whereas a 4096 bit DSA public key is about 2116 bytes long and takes twenty-five seconds to generate. Given that the two algorithms' relative strength shouldn't be judged by these metrics since a weak algorithm may need a longer key, and similarly the longer computation time may be due to additional computations required to discard trivial/weak key pairs. That having been said I cannot simply discard my observations.
Without getting into the mathematics too deeply, I'd like to read a "strong" argument for the relative strength of RSA versus DSA, pertaining to OpenSSH user/host authentication.
EDIT: Please note that the key lengths quoted above are the ASCII character lengths of the public key files (~/.ssh/id_rsa.pub for example), and not the key lengths in bits. I apologize for the confusion.
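
The file lengths quoted in post #1 can be checked by decoding the base64 field of a public key line, which shows how many integers each key type stores and how many bits each one has. This is an added example, not part of the original thread: the sample lines are constructed from placeholder integers (not real keys), the RSA public exponent 35 is an assumption, and all function names are hypothetical.

```python
import base64
import struct

FIELDS = {"ssh-rsa": ("e", "n"), "ssh-dss": ("p", "q", "g", "y")}

def ssh_string(data: bytes) -> bytes:
    """SSH wire string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n: int) -> bytes:
    """Positive SSH mpint: big-endian, with a leading 0x00 when the top bit is set."""
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big") if n else b"")

def make_pub_line(key_type: str, numbers, comment: str = "constructed@example") -> str:
    """Build a public key line from integers (used only to make sample input)."""
    blob = ssh_string(key_type.encode()) + b"".join(ssh_mpint(n) for n in numbers)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

def inspect_pub_line(line: str):
    """Return (key_type, base64_chars, {field: bit_length}) for one .pub line."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    pos, parts = 0, []
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if pos + length > len(blob):
            raise ValueError("field runs past end of blob")
        parts.append(blob[pos:pos + length])
        pos += length
    names = FIELDS.get(key_type)
    if names is None or not parts or parts[0] != key_type.encode() or len(parts) != len(names) + 1:
        raise ValueError("unsupported or malformed key blob")
    bits = {name: int.from_bytes(p, "big").bit_length() for name, p in zip(names, parts[1:])}
    return key_type, len(b64), bits

def top(bits: int) -> int:
    """Constructed odd integer of exactly `bits` bits; not a real key component."""
    return (1 << (bits - 1)) | 1

# Constructed sample lines (not valid keys). e = 35 is an assumed public exponent.
RSA_LINE = make_pub_line("ssh-rsa", [35, top(4096)])
DSA_LINE = make_pub_line("ssh-dss", [top(4096), top(160), top(4096), top(4096)])

if __name__ == "__main__":
    for sample in (RSA_LINE, DSA_LINE):
        kind, chars, bits = inspect_pub_line(sample)
        print(f"{kind}: {chars} base64 chars, field sizes in bits: {bits}")
```

The RSA blob carries one 4096-bit integer (n) while the DSA blob carries three (p, g, y) plus a 160-bit q, so the length of the .pub file reflects the encoding and not the relative strength of the two algorithms.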

11-10-2005 #2
 Join Date
 Jun 2005
 Location
 Canada, Halifax
 Posts
 86
FYI:
http://www.scramdisk.clara.net/pgpfaq.html#SubRSADH
says that so long as the algorithms are implemented correctly, both RSA and DH/DSS systems are equally strong. However the paper acknowledges that number theory is a rapidly evolving topic and the paper itself is dated 1999/09/20.
http://www.mirrormonster.com/puttys.../Chapter8.html basically says that DSA is weak; I believe what the author really means is that the DSA implementation in question is broken.
http://www.linuxforums.org/forum/ntopic5838.html. It would appear that this question has already been explored close to home (oops my bad). I came across this link while googling an unrelated ssh issue.
Any sort of export control/patent infringement issues concerning RSA are probably moot since the underlying algorithm was published (albeit classified at the time) before the patent was registered in the US, but of course details like that never seem to bother lawyers...
Cheers!

08-15-2007 #3
 Join Date
 Aug 2007
 Posts
 1
RSA vs. DSA - key-strength
I just looked into RSA vs. DSA key strength and security. Lots of googling yielded two good technical references in
RSA - Wikipedia, the free encyclopedia
and
Digital Signature Algorithm - Wikipedia, the free encyclopedia
It was finally "man ssh-keygen" that cinched it for me:
-b bits
        Specifies the number of bits in the key to create. For RSA keys,
        the minimum size is 768 bits and the default is 2048 bits. Generally,
        2048 bits is considered sufficient. DSA keys must be
        exactly 1024 bits as specified by FIPS 186-2.
Now that the U.S. RSA patent is expired, I see ssh-keygen's default key choice of RSA, 2048-bit as a perfectly reasonable choice.