Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SSH keys: RSA vs DSA

42 views
Skip to first unread message

Kasper Dupont

unread,
Jun 27, 2002, 8:26:11 AM6/27/02
to
Ssh protocol version 2 can use RSA as well as DSA keys.
What are the advantages and disadvantages of each type
of key?
--
Kasper Dupont -- der bruger for meget tid på usenet.
For sending spam use mailto:razor-...@daimi.au.dk

John Thompson

unread,
Jun 28, 2002, 6:27:05 PM6/28/02
to
In article <3D1B0463...@daimi.au.dk>, Kasper Dupont wrote:

> Ssh protocol version 2 can use RSA as well as DSA keys.
> What are the advantages and disadvantages of each type
> of key?

DSA is an old and fairly weak encryption, supported mostly for
backwards-compatibility with apps that expect to be able to use it.

Use RSA if you have a choice.

--


-John (John.T...@attglobal.net)

John Doe

unread,
Jun 29, 2002, 5:04:31 AM6/29/02
to

> DSA is an old and fairly weak encryption, supported mostly for

Weak? Do you have any references for this? Or perhaps do you mean DES,
which is indeed no longer recommended - but it is a symmetric cipher,
unrelated to DSA and RSA, and should be replaced by AES, Blowfish, or
even 3DES.

As for DSA vs RSA, I'd recommend the latter because it is faster. As I
understand it, DSA is present in SSH because:

- it is not easily used for encryption, hence can be exported from the US;
- RSA used to be patented (no longer applies);
- It is better to have at least two completely unrelated algorithms since,
as a friend of mine put it, public-key crypto uses strongly-structured
mathematical objects which are intrinsically vulnerable to a math guy
from outer space smoking a theorem trivializing the problem.

--
jdoe+...@comelec.enst.fr

This is a spam-bait; any mail sent to any of these email addresses will
go through an open-relay scanner.

Kasper Dupont

unread,
Jun 29, 2002, 6:10:50 AM6/29/02
to
John Doe wrote:
>
> As for DSA vs RSA, I'd recommend the latter because it is faster.

AFAIK they are only used for establishing the connection, so the
speed shouldn't be any major problem.

> vulnerable to a math guy from outer space

I can accept that risk. ;-)

David Goodenough

unread,
Jun 29, 2002, 11:56:06 AM6/29/02
to
John Thompson wrote:

DSA is the Digital Signature Algorithm, and only does signatures not
encryption. RSA can do both signatures and encryption. It is however
true that DSA keys can be used with some elyptic curve encryption
algorithms to encrypt. Using different keys for encryption and signing
(for certificates and the like) has considerable cryptographic merit,
and while you can use separate keys with RSA, the temptation to use the
same one is frequently overwelming expecially to those who do not
unstand why they should not.

According to Bruce Schneier both DSA and RSA with the same length keys
are just about identical in difficulty to crack. Use the key for
encryption as well as signing and breaking the key gets much easier
simply because there is more data to work with.

SSH uses either DSA or RSA for signing, not encryption, so actually
it makes little difference which you use. As mentioned elsewhere in
this thread US encryption export laws used to mean that DSA was
preferable as it was only for signing and could not be used for
encryption and therefore was allowed to be exported. Following
on from Sept 11 this kind of regulation could come back although
enforcing it would be even harder that it was when implementations
were produced outside the US before the regulations were relaxed.
RSA used to be covered by patent, but that has now lapsed, which
also was a US only problem.

David

0 new messages