Solved

Best key for authentication?  RSA or DSA?

Posted on 2011-02-15
5
1,541 Views
Last Modified: 2012-05-11
I'd like to develop a corporate standard for ssh authentication, and during my research I have found many conflicting arguments for either RSA or DSA... and with the hope of not starting a flame-war, is there any clear benefit to one over the other?

We would simply like to use public/private keys for login authentication between certain servers.  What I'm proposing to use on each server to generate the keys is:

ssh-keygen -t rsa

Open in new window


This should give me a 2048-bit RSA key... but is DSA "better", and is there any advantage/disadvantage to longer/shorter keys?  Note, this is only used for authentication, not encryption. From what I'm lead to believe, ssh will use blowfish or something else to encrypt the actual session... so a longer key won't mean more CPU or anything like that. Right?
0
Comment
Question by:Sophia Paterakis
5 Comments
 
LVL 23

Accepted Solution

by:
savone earned 350 total points
ID: 34906431
Your question has peaked my interest so I did some reading.  

I believe that this gentlemen has given me the answer I was seeking:

http://www.linuxforums.org/forum/security/48093-openssh-user-host-authentication-rsa-versus-dsa-provides-stronger-security.html#post498142

You can see the whole conversation here:

http://www.linuxforums.org/forum/security/48093-openssh-user-host-authentication-rsa-versus-dsa-provides-stronger-security.html

Here is an excerpt that caught my attention:


It was finally "man ssh-keygen" that cinched it for me:

Quote:
-b bits
Specifies the number of bits in the key to create. For RSA keys,
* the minimum size is 768 bits and the default is 2048 bits. Genâ
* erally, 2048 bits is considered sufficient. DSA keys must be
exactly 1024 bits as specified by FIPS 186-2.
As a federal standard, DSA is somewhat hamstrung in its evolution. On the other hand keystrength of RSA is adjustable, and defaults to "twice" the keystrength of DSA.

Now that the U.S. RSA patent is expired, I see ssh-keygen's default key choice of RSA,2048bit as a perfectly reasonable choice.
0
 
LVL 16

Expert Comment

by:gelonida
ID: 34910991
With rsa you can specify the key length depending on your rneeds.
With dsa you can't

When I researched for the same question I was pointed to rsa.

I don't have any supportive links though

0
 
LVL 18

Assisted Solution

by:decoleur
decoleur earned 150 total points
ID: 34912575
here is a good thread with other references regarding RSA key length http://www.javamex.com/tutorials/cryptography/rsa_key_length.shtml

bottom line is every time you double key length, the time to encrypt/decrypt increases 6 or 7 times. The minimum key length should be 2048 if you want something to be secure for the next 5 years(they say 10 but looking at what amazon's cloud services can do I would go lower still)...

I would still change the key every 6 months.

hope this helps,

-t
0
 
LVL 18

Assisted Solution

by:decoleur
decoleur earned 150 total points
ID: 34912610
forgot to include the logic to choose RSA over DSA...

DSA is based on SHA-1 which is being phased out because of a variety of successful attacks that do not rely on brute forcing...

check out http://johans.livejournal.com/3834.html for a quick read on the state of the SHA onion.

hope this helps,

-t
0
 
LVL 6

Expert Comment

by:Greg Clough
ID: 34945109
Thanks for the insight. You've all confirmed what I thought.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
With healthcare moving into the digital age with things like Healthcare.gov, the digitization of patient records and video conferencing with patients, data has a much greater chance of being exposed than ever before.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question