Note also that there is already some commentary on key sizes in the ssh-keygen manual page:
For RSA keys, the minimum size is 768 bits and the default is 2048
bits. Generally, 2048 bits is considered sufficient. DSA keys must be
exactly 1024 bits as specified by FIPS 186-2.
--
ssh-keygen
Surely current best practice is obviously to use ssh-keygen's defaults?
They're a reasonable compromise between security and performance. The
defaults have changed in the past in response to changing circumstances,
and will no doubt do so again when it becomes appropriate.
--
ssh-keygen should
Neal said: I agree that using a longer default key length in RSA (and
in DSA also) is a good idea at this point. I agree on RSA, but note
that keys longer than 1024 bits are not permitted by the DSS. From past
conversations with people who have better Real Cryptographer credentials
than I, I
I disagree, sorry. Other people have already pointed out a number of
reasons. You mention that RSA needs a larger key size, but note that
ssh-keygen already defaults to 2048-bit RSA keys.
The main reason why DSA used to be preferred by many people was that the
RSA algorithm was subject to
Confirmed. I think this would be a good change.
:-Dustin
** Changed in: openssh (Ubuntu)
Status: New => Confirmed
--
ssh-keygen should default to dsa not rsa
https://bugs.launchpad.net/bugs/237391
You received this bug notification because you are a member of Ubuntu
Server Team, which
Sorry, what am I thinking ...
I misread the bug report title. I prefer RSA keys to DSA keys.
An interesting analysis lies in this thread:
* http://www.linuxforums.org/forum/linux-security/3515-rsa-versus-dsa.html
:-Dustin
** Changed in: openssh (Ubuntu)
Status: Confirmed => New
--
I expect that someone someday will again make a bad random number
generator. Maybe some proprietary box that I am pressured to use. I
don't want my keys to be vulnerable just because I use them on a machine
that doesn't get RNGs right. DSA is vulnerable to that problem, and RSA
is not.
I agree
From one of your links I was also reminded that: 'It is possible to
implement the DSA algorithm such that a subliminal channel is created
that can expose key data and lead to forgeable signatures, so one is
warned not to use unexamined code.' - another strike against it.
--
ssh-keygen should default
Why? Based on recent events, I would think DSA would be considered
worse, not better than RSA. E.g. from http://wiki.debian.org/SSLkeys
any DSA key must be considered compromised if it has been used on a
machine with a 'bad' OpenSSL. Simply using a 'strong' DSA key (i.e.,
generated with a