Ssh-keygen rsa or dsa better

There is no downside to keeping them all, though. A quick summary of the commonly available algorithms from a security perspective:. Sign up to join this community. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group.

Create a free Team What is Teams? Learn more. Ask Question. Asked 3 years, 11 months ago. Active 7 months ago. Viewed 22k times. Do I need all three? Improve this question. Chaminda Bandara. Chaminda Bandara Chaminda Bandara 1 1 gold badge 2 2 silver badges 13 13 bronze badges. Add a comment.

Active Oldest Votes. What are these files for? Taken from the OpenSSH man page, ssh 1 : When connecting to a server for the first time, a fingerprint of the server's public key is presented to the user unless the option StrictHostKeyChecking has been disabled.

If only legacy MD5 fingerprints for the server are available, the ssh-keygen 1 -E option may be used to downgrade the fingerprint algorithm to match. When connecting to an SSH server, a series of events take place: The SSH client connects to the server and advertises its preferred algorithm. The server sends the desired public key to the client, if it is supported. The client calculates the fingerprint of the public key. For subsequent connections, the fingerprint is compared against the saved one.

Right now the question is a bit broader: RSA vs. DSA vs. ECDSA vs. A presentation at BlackHat suggests that significant advances have been made in solving the problems on complexity of which the strength of DSA and some other algorithms is founded, so they can be mathematically broken very soon. Moreover, the attack may be possible but harder to extend to RSA as well.

The presentation suggests using elliptic curve cryptography instead. And if NSA can already crack it, then it won't be as hard to crack for somebody else as a proper curve would be. Ed is the same thing but with a better curve, so it's the safest bet against the underlying algorithm being mathematically broken. In practice that means that if you connect to your server from a machine with a poor random number generator and e.

In SSH, on the client side, the choice between RSA and DSA does not matter much, because both offer similar security for the same key size use bits and you will be happy. When version 2 was defined, RSA was still patented, so support of DSA was added, so that an opensource patent-free implementation could be made. RSA patent expired more than 10 years ago, so there is no worry now. Theoretically, in some very specific situations, you can have a performance issue with one or the other: if the server is a very small machine say, an i , it will prefer clients with RSA keys, because verifying a RSA signature is less computationally expensive than verifying a DSA signature.

Conversely, a DSA signature is shorter typically 64 bytes vs so if you are very short on bandwidth you would prefer DSA. Anyway, you will have a hard time detecting those effects, let alone find them important. On the server , a DSA key is preferred, because then the key exchange will use a transient Diffie-Hellman key, which opens the road for "Perfect Forward Secrecy" i.

If one of those properties is violated, it's possible to trivially recover the private key from one or two signatures. With RSA, in those situations only your ephemeral session key would have been compromised, if the actual authentication key pairs have been created using a properly seeded PRNG before.

OpenSSH 7. It too is weak and we recommend against its use. The math might not matter. This thread seems pre-Snowden.

Here is a Reuters article dated December 20, :. Reuters - As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U. Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September.

Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.

Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show. Matt : So we have heard a number of things that we can probably credit for real. Matt : That's exactly right.

We now suspect and have strong evidence to believe that the situation was exactly the opposite; that NIST was being used to put out standards that the NSA could break. Considering these recent revelations the strength of the algorithms seems largely irrelevant. In other words, it really doesn't matter if you are using the random number generators that come with pretty much any modern computer, which OpenSSH and others do.

Pick the one that is the fastest for what you want. In my case, I reuse the same key for a lot of stuff so DSA's faster generation speed is less desirable. I personally just use bit keys because, as we've seen, it really doesn't matter unless someone is placing some requirement on you who still believes bigger keys will protect you. The whole thing is largely just an annoyance to anyone seeking to break in. Sign up to join this community.

The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Learn more. RSA vs. Asked 10 years, 6 months ago. Active 1 year, 4 months ago. Viewed k times. Improve this question. Tom Leek k 26 26 gold badges silver badges bronze badges. Read the answers below, and you will also find out that bits is sufficient.

So, what is a digital signature? Asymmetric-key cryptography is based on an exchange of two keys — private and public. Since the public key is accessible to all, anyone could get yours and then contact you pretending to be someone else. Luckily, authentication problems were solved early in the internet age with digital signatures. Regardless of the file type or its size, a hash is only symbols long. Its only purpose is to protect you from fake versions of the file. Even if a hacker made the tiniest of changes, the hash would change as well, indicating that the message is no more genuine.

In other words, a digital signature not only guarantees that the sender is authentic but also ensures that the integrity of the message is intact. Both algorithms use modular arithmetic, but the RSA certificate relies on prime factorization, while DSA uses the discrete logarithm problem. For now, both are considered completely safe. The former is a faster signature, but the latter is more efficient at verification. However, since authentication requires both, speed discrepancies might not be as significant as they sound.

RSA can be used as a digital signature and an encryption algorithm. Compatibility-wise, they are equal.