Note also that there is already some commentary on key sizes in the ssh-
keygen manual page:
For RSA keys, the minimum size is 768 bits and the default is 2048
bits. Generally, 2048 bits is considered sufficient. DSA keys must be
exactly 1024 bits as specified by FIPS 186-2.
--
ssh-keygen
Neal said: I agree that using a longer default key length in RSA (and
in DSA also) is a good idea at this point. I agree on RSA, but note
that keys longer than 1024 bits are not permitted by the DSS. From past
conversations with people who have better Real Cryptographer credentials
than I, I
I disagree, sorry. Other people have already pointed out a number of
reasons. You mention that RSA needs a larger key size, but note that
ssh-keygen already defaults to 2048-bit RSA keys.
The main reason why DSA used to be preferred by many people was that the
RSA algorithm was subject to
Confirmed. I think this would be a good change.
:-Dustin
** Changed in: openssh (Ubuntu)
Status: New = Confirmed
--
ssh-keygen should default to dsa not rsa
https://bugs.launchpad.net/bugs/237391
You received this bug notification because you are a member of Ubuntu
Server Team, which
Sorry, what am I thinking ...
I misread the bug report title. I prefer RSA keys to DSA keys.
An interesting analysis lies in this thread:
* http://www.linuxforums.org/forum/linux-security/3515-rsa-versus-dsa.html
:-Dustin
** Changed in: openssh (Ubuntu)
Status: Confirmed = New
--
I expect that someone someday will again make a bad random number
generator. Maybe some proprietary box that I am pressured to use. I
don't want my keys to be vulnerable just because I use them on a machine
that doesn't get RNGs right. DSA is vulnerable to that problem, and RSA
is not.
I agree
From one of your links I also reminded that: 'It is possible to
implement the DSA algorithm such that a subliminal channel is created
that can expose key data and lead to forgable signatures so one is
warned not to used unexamined code.' - another strike against it.
--
ssh-keygen should default