Solved

Best key for authentication?  RSA or DSA?

Posted on 2011-02-15
Last Modified: 2012-05-11
I'd like to develop a corporate standard for ssh authentication, and during my research I have found many conflicting arguments for either RSA or DSA... and with the hope of not starting a flame-war, is there any clear benefit to one over the other?

We would simply like to use public/private keys for login authentication between certain servers.  What I'm proposing to use on each server to generate the keys is:

ssh-keygen -t rsa


This should give me a 2048-bit RSA key... but is DSA "better", and is there any advantage/disadvantage to longer/shorter keys?  Note, this is only used for authentication, not encryption. From what I'm led to believe, ssh will use blowfish or something else to encrypt the actual session... so a longer key won't mean more CPU or anything like that. Right?
Question by:Sophia Paterakis
5 Comments
 
LVL 23

Accepted Solution

by:
savone earned 1400 total points
ID: 34906431
Your question has piqued my interest so I did some reading.

I believe that this gentleman has given me the answer I was seeking:

http://www.linuxforums.org/forum/security/48093-openssh-user-host-authentication-rsa-versus-dsa-provides-stronger-security.html#post498142

You can see the whole conversation here:

http://www.linuxforums.org/forum/security/48093-openssh-user-host-authentication-rsa-versus-dsa-provides-stronger-security.html

Here is an excerpt that caught my attention:


It was finally "man ssh-keygen" that cinched it for me:

Quote:
-b bits
Specifies the number of bits in the key to create. For RSA keys, the minimum size is 768 bits and the default is 2048 bits. Generally, 2048 bits is considered sufficient. DSA keys must be exactly 1024 bits as specified by FIPS 186-2.

As a federal standard, DSA is somewhat hamstrung in its evolution. On the other hand, the key strength of RSA is adjustable, and defaults to "twice" the key strength of DSA.

Now that the U.S. RSA patent is expired, I see ssh-keygen's default key choice of RSA, 2048-bit as a perfectly reasonable choice.
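As an added example (not from this thread or from OpenSSH itself): a small Python check that reads the `ssh-rsa`/`ssh-dss` blobs in authorized_keys lines, derives the key size the way the `-b bits` discussion above defines it (RSA modulus or DSA prime bit length), and enforces the standard the thread settles on, RSA at 2048 bits or more. The sample keys are constructed from synthetic numbers in valid wire format; the function names and the `sample@example` comment are assumptions.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # policy floor from the thread; DSA is fixed at 1024 bits and rejected outright

def _read_string(blob, offset):
    # One SSH wire field: uint32 big-endian length, then that many bytes.
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start = offset + 4
    return blob[start:start + length], start + length

def key_strength(pubkey_line):
    """Return (key_type, bits) for one OpenSSH public-key line (authorized_keys format)."""
    blob = base64.b64decode(pubkey_line.split()[1])
    key_type, off = _read_string(blob, 0)
    if key_type == b"ssh-rsa":
        _e, off = _read_string(blob, off)    # public exponent, irrelevant to key size
        n, _ = _read_string(blob, off)       # modulus; its bit length is the RSA key size
        return "ssh-rsa", int.from_bytes(n, "big").bit_length()
    if key_type == b"ssh-dss":
        p, _ = _read_string(blob, off)       # DSA prime p: exactly 1024 bits per FIPS 186-2
        return "ssh-dss", int.from_bytes(p, "big").bit_length()
    return key_type.decode(), 0

def meets_policy(pubkey_line):
    """RSA of at least MIN_RSA_BITS passes; DSA and unknown types fail."""
    key_type, bits = key_strength(pubkey_line)
    return key_type == "ssh-rsa" and bits >= MIN_RSA_BITS

# --- constructed sample keys: synthetic numbers in valid wire format, not real keys ---
def _string(data):
    return struct.pack(">I", len(data)) + data

def _mpint(value):
    # Extra byte of headroom so a set top bit still encodes as a positive mpint.
    return _string(value.to_bytes((value.bit_length() + 8) // 8, "big"))

def make_sample(key_type, bits):
    big = (1 << (bits - 1)) | 1                  # stand-in for n (RSA) or p (DSA) of the wanted size
    if key_type == "ssh-rsa":
        blob = _string(b"ssh-rsa") + _mpint(65537) + _mpint(big)
    else:
        blob = _string(b"ssh-dss") + _mpint(big) + _mpint((1 << 159) | 1) + _mpint(2) + _mpint(3)
    return f"{key_type} {base64.b64encode(blob).decode()} sample@example"

if __name__ == "__main__":
    for line in (make_sample("ssh-rsa", 2048), make_sample("ssh-rsa", 1024), make_sample("ssh-dss", 1024)):
        print(key_strength(line), "OK" if meets_policy(line) else "REJECT")
```

Pointed at a real authorized_keys file, `key_strength` reports the same size `ssh-keygen -l -f` prints, so the check can run in a cron job or a deployment gate without shelling out.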
 
LVL 17

Expert Comment

by:gelonida
ID: 34910991
With RSA you can specify the key length depending on your needs.
With DSA you can't.

When I researched for the same question I was pointed to rsa.

I don't have any supportive links though.

 
LVL 18

Assisted Solution

by:decoleur
decoleur earned 600 total points
ID: 34912575
Here is a good thread with other references regarding RSA key length: http://www.javamex.com/tutorials/cryptography/rsa_key_length.shtml

Bottom line is every time you double the key length, the time to encrypt/decrypt increases 6 or 7 times. The minimum key length should be 2048 if you want something to be secure for the next 5 years (they say 10, but looking at what Amazon's cloud services can do I would go lower still)...

I would still change the key every 6 months.

hope this helps,

-t
 
LVL 18

Assisted Solution

by:decoleur
decoleur earned 600 total points
ID: 34912610
Forgot to include the logic to choose RSA over DSA...

DSA is based on SHA-1 which is being phased out because of a variety of successful attacks that do not rely on brute forcing...

Check out http://johans.livejournal.com/3834.html for a quick read on the state of the SHA onion.

hope this helps,

-t
 
LVL 6

Expert Comment

by:Greg Clough
ID: 34945109
Thanks for the insight. You've all confirmed what I thought.
