-   Linux - Security (
-   -   Which is better RSA or DSA public key? (

tarballedtux 01-24-2002 02:54 PM

Which is better RSA or DSA public key?
I FINALLY got public key authentification to work. But Which is better? RSA or DSA?

Thanks in advance.

unSpawn 01-24-2002 04:02 PM

Define "better"?

Sonny 01-24-2002 04:07 PM

At the risk of a newbie leading a newbie...

I've read that RSA is less secure than DSA but authenticates faster.


lfslinux 01-24-2002 06:00 PM


Originally posted by Sonny
At the risk of a newbie leading a newbie...

I've read that RSA is less secure than DSA but authenticates faster.


That's correct. But the speed difference in authentication is so small (if you talk about ssh'ing into a system with a regular size password of say 8 characters (or a few more if you use MD5) that you will not notice a difference.

So go with DSA. May as well go for more security and it pretty much doesn't come with a price.

unSpawn 01-25-2002 01:29 AM

DSA is faster in *signing*, but slower in *verifying*.
A DSA key of the same strength as RSA (1024 bits) generates a smaller signature.
An RSA 512 bit key has been cracked, but only a 280 DSA key.
It doesn't matter because with Ssh only authentication is done using RSA or DSA algorithm, and then the "rest" is encoded using a (uh, was it block?) cipher like IDEA, DES, Blowfish, etc, etc after the authentication is done.
While Ssh2 can use either DSA or RSA keys, Ssh1 cannot. Ssh2 will also not use patented cypers like IDEA.

More info here and here (the latter bein a wee bit old).

Tarekaz 06-08-2006 03:55 PM


speaking of RSA and DSA, what is the information that is encoded?

in other terms , whats the information in the DSA? a password encoded? a random number?


JockVSJock 10-31-2006 10:26 AM


I found this thread because I am confused. It is because I'm looking for ssh-keygen howtos on the web.

One shows

ssh-keygen -v -t rsa
The other one shows

ssh-keygen -v dsa
So for a basic user like me who wants to get access to his network from a remote location, which would work better?


coontie 10-31-2006 10:30 AM

DSA is something that is actively pushed by the government, btw, because DSA cannot be used to encrypt stuff, only to sign it. RSA can be used to both encrypt AND sign.

That said, DSA is faster at signing. RSA is faster at verifying.

Really.. who cares. I use RSA just because I like to stick it to the G-man.

amitsharma_26 12-05-2006 08:20 AM

For anobody who's looking more of this, go through this mailing list discussion :

morphynoman 02-02-2009 01:44 AM


Originally Posted by unSpawn (Post 51808)
An RSA 512 bit key has been cracked, but only a 280 DSA key.

What kind of bullshit is this?.
Please, read about first. "A fellow by the name of Leo de Velez from the Phillipines had thought he had broken RSA, and a reporter colleague wrote up this story and published it. This is probably what you have heard about. " (Ron Rivers, the 'R' of RSA)
Here you can read the original mail between both:


mrclisdue 02-02-2009 05:49 AM

Hey, thanks for drudging up a 2 year old dead thread. I was having trouble sleeping at night because of what you deem to be faulty information.

I think I may actually be able to die now, and rest in peace, because you have provided such useful input. And done it so eloquently, too.

Thanks again!


unixfool 02-02-2009 12:50 PM


win32sux 02-03-2009 06:15 AM

I agree that resurrecting a two year old dead thread for this is ridiculous. Furthermore, I find the language and tone of morphynoman's post to be objectionable. I'm closing this thread. If anyone has a desire to start another RSA/DSA discussion, start a new thread and use references as necessary.

All times are GMT -5. The time now is 08:06 AM.