?
Solved

Best key for authentication?  RSA or DSA?

Posted on 2011-02-15
5
Medium Priority
?
1,654 Views
Last Modified: 2012-05-11
I'd like to develop a corporate standard for ssh authentication, and during my research I have found many conflicting arguments for either RSA or DSA... and with the hope of not starting a flame-war, is there any clear benefit to one over the other?

We would simply like to use public/private keys for login authentication between certain servers.  What I'm proposing to use on each server to generate the keys is:

ssh-keygen -t rsa

Open in new window


This should give me a 2048-bit RSA key... but is DSA "better", and is there any advantage/disadvantage to longer/shorter keys?  Note, this is only used for authentication, not encryption. From what I'm lead to believe, ssh will use blowfish or something else to encrypt the actual session... so a longer key won't mean more CPU or anything like that. Right?
0
Comment
Question by:Sophia Paterakis
5 Comments
 
LVL 23

Accepted Solution

by:
savone earned 1400 total points
ID: 34906431
Your question has peaked my interest so I did some reading.  

I believe that this gentlemen has given me the answer I was seeking:

http://www.linuxforums.org/forum/security/48093-openssh-user-host-authentication-rsa-versus-dsa-provides-stronger-security.html#post498142

You can see the whole conversation here:

http://www.linuxforums.org/forum/security/48093-openssh-user-host-authentication-rsa-versus-dsa-provides-stronger-security.html

Here is an excerpt that caught my attention:


It was finally "man ssh-keygen" that cinched it for me:

Quote:
-b bits
Specifies the number of bits in the key to create. For RSA keys,
* the minimum size is 768 bits and the default is 2048 bits. Genâ
* erally, 2048 bits is considered sufficient. DSA keys must be
exactly 1024 bits as specified by FIPS 186-2.
As a federal standard, DSA is somewhat hamstrung in its evolution. On the other hand keystrength of RSA is adjustable, and defaults to "twice" the keystrength of DSA.

Now that the U.S. RSA patent is expired, I see ssh-keygen's default key choice of RSA,2048bit as a perfectly reasonable choice.
0
 
LVL 17

Expert Comment

by:gelonida
ID: 34910991
With rsa you can specify the key length depending on your rneeds.
With dsa you can't

When I researched for the same question I was pointed to rsa.

I don't have any supportive links though

0
 
LVL 18

Assisted Solution

by:decoleur
decoleur earned 600 total points
ID: 34912575
here is a good thread with other references regarding RSA key length http://www.javamex.com/tutorials/cryptography/rsa_key_length.shtml

bottom line is every time you double key length, the time to encrypt/decrypt increases 6 or 7 times. The minimum key length should be 2048 if you want something to be secure for the next 5 years(they say 10 but looking at what amazon's cloud services can do I would go lower still)...

I would still change the key every 6 months.

hope this helps,

-t
0
 
LVL 18

Assisted Solution

by:decoleur
decoleur earned 600 total points
ID: 34912610
forgot to include the logic to choose RSA over DSA...

DSA is based on SHA-1 which is being phased out because of a variety of successful attacks that do not rely on brute forcing...

check out http://johans.livejournal.com/3834.html for a quick read on the state of the SHA onion.

hope this helps,

-t
0
 
LVL 6

Expert Comment

by:Greg Clough
ID: 34945109
Thanks for the insight. You've all confirmed what I thought.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ITIL has an elaborate incident management framework. This article serves as a starter for those who'd like to know more or need to suss out the baseline elements in a typical incident response execution plan on the "need to have" and the "good to ha…
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question