LINUX SSH KEYGEN RSA2 GENERATOR
In practice that means that if you connect to your server from a machine with a poor random number generator and e.g. Ed25519 is the same thing but with a better curve, so it's the safest bet against the underlying algorithm being mathematically broken.Īlso, DSA and ECDSA have a nasty property: they require a parameter usually called k to be completely random, secret, and unique.
LINUX SSH KEYGEN RSA2 CRACK
And if NSA can already crack it, then it won't be as hard to crack for somebody else as a proper curve would be. OpenSSH only supports NIST curves for ECDSA and according to this study those curves look really suspicious for NSA backdoors. The ECC algorithms supported by OpenSSH are ECDSA and, since OpenSSH 6.5, Ed25519. The presentation suggests using elliptic curve cryptography instead. Moreover, the attack may be possible (but harder) to extend to RSA as well. So:Ī presentation at BlackHat 2013 suggests that significant advances have been made in solving the problems on complexity of which the strength of DSA and some other algorithms is founded, so they can be mathematically broken very soon.
Right now the question is a bit broader: RSA vs. So today, you are better off with an RSA 2048 or 4096 bit key. And if you take the considerations of this, we are no longer secure with 1024 bits for either RSA or DSA. So although in theory longer DSA keys are possible (FIPS 186-3 also explicitly allows them) you are still restricted to 1024 bits. In commercial terms, RSA is clearly the winner, commercial RSA certificates are much more widely deployed than DSA certificates.īut I saved the killer argument for the end: man ssh-keygen says that a DSA key has to be exactly 1024 bits long to be compliant with NIST's FIPS 186-2. Again you want decryption to be faster here because one encrypted document might be decrypted many times. DSA is generally faster in decryption but slower for encryption, with RSA it's the other way round. The signature is generated once - so it's fine if this takes a bit longer - but the document signature may be verified much more often by end users.īoth do support some form of encryption method, RSA out of the box and DSA using an El Gamal.
LINUX SSH KEYGEN RSA2 VERIFICATION
Verification is generally what you want to be faster if you deal e.g. You will see that DSA performs faster in generating a signature but much slower when verifying a signature of the same key length. You may have a look at this study or, if you have OpenSSL installed on your machine, run openssl speed. Now, if the security can be deemed as equal, we would of course favour the algorithm that is faster. Today the fastest known algorithm for factoring large integers is the General Number Field Sieve, also the fastest algorithm to solve the discrete logarithm problem in finite fields modulo a large prime p as specified for DSA. The security of the RSA algorithm is based on the fact that factorization of large integers is known to be "difficult", whereas DSA security is based on the discrete logarithm problem. That's the punch line, now some justification. DSA is faster for signature generation but slower for validation, slower when encrypting but faster when decrypting and security can be considered equivalent compared to an RSA key of equal key length.
0 kommentar(er)
