Solved

Best key for authentication?  RSA or DSA?

Posted on 2011-02-15
5
1,502 Views
Last Modified: 2012-05-11
I'd like to develop a corporate standard for ssh authentication, and during my research I have found many conflicting arguments for either RSA or DSA... and with the hope of not starting a flame-war, is there any clear benefit to one over the other?

We would simply like to use public/private keys for login authentication between certain servers.  What I'm proposing to use on each server to generate the keys is:

ssh-keygen -t rsa

Open in new window


This should give me a 2048-bit RSA key... but is DSA "better", and is there any advantage/disadvantage to longer/shorter keys?  Note, this is only used for authentication, not encryption. From what I'm lead to believe, ssh will use blowfish or something else to encrypt the actual session... so a longer key won't mean more CPU or anything like that. Right?
0
Comment
Question by:Sophia Paterakis
5 Comments
 
LVL 23

Accepted Solution

by:
savone earned 350 total points
ID: 34906431
Your question has peaked my interest so I did some reading.  

I believe that this gentlemen has given me the answer I was seeking:

http://www.linuxforums.org/forum/security/48093-openssh-user-host-authentication-rsa-versus-dsa-provides-stronger-security.html#post498142

You can see the whole conversation here:

http://www.linuxforums.org/forum/security/48093-openssh-user-host-authentication-rsa-versus-dsa-provides-stronger-security.html

Here is an excerpt that caught my attention:


It was finally "man ssh-keygen" that cinched it for me:

Quote:
-b bits
Specifies the number of bits in the key to create. For RSA keys,
* the minimum size is 768 bits and the default is 2048 bits. Genâ
* erally, 2048 bits is considered sufficient. DSA keys must be
exactly 1024 bits as specified by FIPS 186-2.
As a federal standard, DSA is somewhat hamstrung in its evolution. On the other hand keystrength of RSA is adjustable, and defaults to "twice" the keystrength of DSA.

Now that the U.S. RSA patent is expired, I see ssh-keygen's default key choice of RSA,2048bit as a perfectly reasonable choice.
0
 
LVL 16

Expert Comment

by:gelonida
ID: 34910991
With rsa you can specify the key length depending on your rneeds.
With dsa you can't

When I researched for the same question I was pointed to rsa.

I don't have any supportive links though

0
 
LVL 18

Assisted Solution

by:decoleur
decoleur earned 150 total points
ID: 34912575
here is a good thread with other references regarding RSA key length http://www.javamex.com/tutorials/cryptography/rsa_key_length.shtml

bottom line is every time you double key length, the time to encrypt/decrypt increases 6 or 7 times. The minimum key length should be 2048 if you want something to be secure for the next 5 years(they say 10 but looking at what amazon's cloud services can do I would go lower still)...

I would still change the key every 6 months.

hope this helps,

-t
0
 
LVL 18

Assisted Solution

by:decoleur
decoleur earned 150 total points
ID: 34912610
forgot to include the logic to choose RSA over DSA...

DSA is based on SHA-1 which is being phased out because of a variety of successful attacks that do not rely on brute forcing...

check out http://johans.livejournal.com/3834.html for a quick read on the state of the SHA onion.

hope this helps,

-t
0
 
LVL 6

Expert Comment

by:Greg Clough
ID: 34945109
Thanks for the insight. You've all confirmed what I thought.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now