Which is better RSA or DSA public key?
 

I FINALLY got public key authentification to work. But Which is better? RSA or DSA?

Thanks in advance.

Define "better"?

At the risk of a newbie leading a newbie...

I've read that RSA is less secure than DSA but authenticates faster.

Sonny.

That's correct. But the speed difference in authentication is so small (if you talk about ssh'ing into a system with a regular size password of say 8 characters (or a few more if you use MD5) that you will not notice a difference.

So go with DSA. May as well go for more security and it pretty much doesn't come with a price.

DSA is faster in *signing*, but slower in *verifying*.
A DSA key of the same strength as RSA (1024 bits) generates a smaller signature.
An RSA 512 bit key has been cracked, but only a 280 DSA key.
It doesn't matter because with Ssh only authentication is done using RSA or DSA algorithm, and then the "rest" is encoded using a (uh, was it block?) cipher like IDEA, DES, Blowfish, etc, etc after the authentication is done.
While Ssh2 can use either DSA or RSA keys, Ssh1 cannot. Ssh2 will also not use patented cypers like IDEA.

More info here and here (the latter bein a wee bit old).

hey,

speaking of RSA and DSA, what is the information that is encoded?

in other terms , whats the information in the DSA? a password encoded? a random number?

Thanxs

***BUMP***

I found this thread because I am confused. It is because I'm looking for ssh-keygen howtos on the web.

One shows

http://thinkhole.org/wp/2006/10/30/f...re-secure-ssh/

http://www.suso.org/docs/shell/ssh.sdf
The other one shows
So for a basic user like me who wants to get access to his network from a remote location, which would work better?

thanks

DSA is something that is actively pushed by the government, btw, because DSA cannot be used to encrypt stuff, only to sign it. RSA can be used to both encrypt AND sign.

That said, DSA is faster at signing. RSA is faster at verifying.

Really.. who cares. I use RSA just because I like to stick it to the G-man.

For anobody who's looking more of this, go through this mailing list discussion : http://leaf.dragonflybsd.org/mailarc.../msg00140.html

What kind of bullshit is this?.
Please, read about first. "A fellow by the name of Leo de Velez from the Phillipines had thought he had broken RSA, and a reporter colleague wrote up this story and published it. This is probably what you have heard about. " (Ron Rivers, the 'R' of RSA)
Here you can read the original mail between both:
http://www.seedmuse.com/rsa_edit.htm

Cheers

Hey, thanks for drudging up a 2 year old dead thread. I was having trouble sleeping at night because of what you deem to be faulty information.

I think I may actually be able to die now, and rest in peace, because you have provided such useful input. And done it so eloquently, too.

Thanks again!

cheers,

nice

I agree that resurrecting a two year old dead thread for this is ridiculous. Furthermore, I find the language and tone of morphynoman's post to be objectionable. I'm closing this thread. If anyone has a desire to start another RSA/DSA discussion, start a new thread and use references as necessary.