Best key for authentication? RSA or DSA?

I'd like to develop a corporate standard for ssh authentication, and during my research I have found many conflicting arguments for either RSA or DSA... and with the hope of not starting a flame-war, is there any clear benefit to one over the other?

We would simply like to use public/private keys for login authentication between certain servers.  What I'm proposing to use on each server to generate the keys is:

ssh-keygen -t rsa

Open in new window


This should give me a 2048-bit RSA key... but is DSA "better", and is there any advantage/disadvantage to longer/shorter keys?  Note, this is only used for authentication, not encryption. From what I'm lead to believe, ssh will use blowfish or something else to encrypt the actual session... so a longer key won't mean more CPU or anything like that. Right?
LVL 1
Sophia PaterakisAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
savoneConnect With a Mentor Commented:
Your question has peaked my interest so I did some reading.  

I believe that this gentlemen has given me the answer I was seeking:

http://www.linuxforums.org/forum/security/48093-openssh-user-host-authentication-rsa-versus-dsa-provides-stronger-security.html#post498142

You can see the whole conversation here:

http://www.linuxforums.org/forum/security/48093-openssh-user-host-authentication-rsa-versus-dsa-provides-stronger-security.html

Here is an excerpt that caught my attention:


It was finally "man ssh-keygen" that cinched it for me:

Quote:
-b bits
Specifies the number of bits in the key to create. For RSA keys,
* the minimum size is 768 bits and the default is 2048 bits. GenĂ¢
* erally, 2048 bits is considered sufficient. DSA keys must be
exactly 1024 bits as specified by FIPS 186-2.
As a federal standard, DSA is somewhat hamstrung in its evolution. On the other hand keystrength of RSA is adjustable, and defaults to "twice" the keystrength of DSA.

Now that the U.S. RSA patent is expired, I see ssh-keygen's default key choice of RSA,2048bit as a perfectly reasonable choice.
0
 
gelonidaCommented:
With rsa you can specify the key length depending on your rneeds.
With dsa you can't

When I researched for the same question I was pointed to rsa.

I don't have any supportive links though

0
 
decoleurConnect With a Mentor Commented:
here is a good thread with other references regarding RSA key length http://www.javamex.com/tutorials/cryptography/rsa_key_length.shtml

bottom line is every time you double key length, the time to encrypt/decrypt increases 6 or 7 times. The minimum key length should be 2048 if you want something to be secure for the next 5 years(they say 10 but looking at what amazon's cloud services can do I would go lower still)...

I would still change the key every 6 months.

hope this helps,

-t
0
 
decoleurConnect With a Mentor Commented:
forgot to include the logic to choose RSA over DSA...

DSA is based on SHA-1 which is being phased out because of a variety of successful attacks that do not rely on brute forcing...

check out http://johans.livejournal.com/3834.html for a quick read on the state of the SHA onion.

hope this helps,

-t
0
 
Greg CloughSenior Oracle DBACommented:
Thanks for the insight. You've all confirmed what I thought.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.