Find the answer to your Linux question:
Results 1 to 3 of 3
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jun 2005
    Canada, Halifax

    OpenSSH user/host authentication: RSA versus DSA which provides stronger security?

    I'd like to solicit opinions on this topic. I've been reading much material on the topic and cannot seem to find a definitive/satisfying answer; perhaps there isn't one. Both DSA and RSA are asymetrical/public key encryption methods that can used by OpenSSH for host/user authentication whereas the actual communications link is encrypted by a symetrical key encryption method such as AES-256 (where the symetrical key has been exchanged during the initial user/host authentication stage).

    The prevailing opinion on the web seems to be that DSA is included for historical reasons and that RSA is more secure, however I'm not entriely convinced based on the following empirical observations: a 4096 bit RSA public key is about 712 bytes long and on my 2 GHz Sempron machine takes fifteen seconds to produce where as a 4096 bit DSA public key is about 2116 bytes long and takes twenty-five seconds to generate. Given that the two algorithims' relative strength shouldn't be judged by these metrics since a weak alorithim may need a longer key, and similairly the longer computation time may be due to additional computations required to discard trivial/weak key pairs. That haveing been said I cannot simply discard my observations.

    Without getting into the mathematics too deeply, I'd like to read a "strong" argument for the relative strength of RSA versus DSA, pertaining to OpenSSH user/host authentication.

    EDIT: Please note that the key lengths quoted above are the ASCII character lengths of the public key files (~/.ssh/ for example), and not the key lengths in bits. I apologize for the confusion.

  2. #2
    Just Joined!
    Join Date
    Jun 2005
    Canada, Halifax
    says that so long as the algorithims are implemented correctly, both RSA and DH/DSS systems are equally strong. However the paper acknowledges that number theory is a rapidly evolving topic and the paper itself is dated 1999/09/20. basically says that DSA is weak, I believe what the auther really means is that the DSA implementation in question is broken. It would appear that this question has already been explored close to home (oops my bad). I came across this link while googling an unrelated ssh issue.

    Any sort of export control/patent infringement issues concerning RSA are probably moot since the underlying algorithm was published (albeit classified at the time) before the patent was registered in the US, but of course details like that never seem to bother lawyers...


  3. #3

    RSA vs. DSA - keystrength

    Quote Originally Posted by dmccarney View Post
    Also, the PUTTY docs hint to a possible weakness in the DSA key for use with the SSH-2 protocol and recommends using RSA for SSH-2 instead so I modified your how-to to do that. Its all the same steps except for a different argument when you generate the key-pairs and of course point all of the other steps to the correct RSA keys.

    The changed line in the howto at the start is

    ssh-keygen -t dsa
    changed to:

    ssh-keygen -t rsa
    Make sure you change all the subsequent lines to point to the RSA files and not a DSA file.
    I just looked into RSA vs. DSA key strength and security. Lots of googling yielded two good technical references in
    RSA - Wikipedia, the free encyclopedia
    Digital Signature Algorithm - Wikipedia, the free encyclopedia

    It was finally "man ssh-keygen" that cinched it for me:

    -b bits
    Specifies the number of bits in the key to create. For RSA keys,
    * the minimum size is 768 bits and the default is 2048 bits. Genā
    * erally, 2048 bits is considered sufficient. DSA keys must be
    exactly 1024 bits as specified by FIPS 186-2.
    As a federal standard, DSA is somewhat hamstrung in its evolution. On the other hand keystrength of RSA is adjustable, and defaults to "twice" the keystrength of DSA.

    Now that the U.S. RSA patent is expired, I see ssh-keygen's default key choice of RSA,2048bit as a perfectly reasonable choice.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts