Sugar currently uses the owner key as an opaque string, not as an actual key. This means the key type does not yet matter; we can just as easily use an RSA key. The most important reason to prefer DSA over RSA, the RSA patent, expired in 2000 [1]. While DSA is considered secure when used correctly, it relies on certain properties (e.g. a cryptographically secure PRNG [1]) that have not always been met in practice [3], with secret key exposure as a result [4]. RSA is less problematic in this regard.

RSA keys are also more readily usable with other tools (e.g. monkeysphere only supports RSA keys [5]), enabling Sugar to use a single key to identify the user for other protocols and purposes than just Collaboration. Examples that come to mind instantly are web browsing (think a.sl.o) and email (OpenPGP).

[1] http://en.wikipedia.org/wiki/RSA
[2] http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/
[3] http://www.debian.org/security/2008/dsa-1571
[4] http://rdist.root.org/2009/05/17/the-debian-pgp-disaster-that-almost-was/
[5] http://web.monkeysphere.info/news/release-0.24-1/

Signed-off-by: Sascha Silbe <[email protected]>
--- src/jarabe/intro/window.py | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/jarabe/intro/window.py b/src/jarabe/intro/window.py index f7937b1..6cf1481 100644 --- a/src/jarabe/intro/window.py +++ b/src/jarabe/intro/window.py @@ -47,7 +47,7 @@ def create_profile(name, color=None): import commands keypath = os.path.join(env.get_profile_path(), 'owner.key') if not os.path.isfile(keypath): - cmd = "ssh-keygen -q -t dsa -f %s -C '' -N ''" % keypath + cmd = "ssh-keygen -q -t rsa -f %s -C '' -N ''" % keypath (s, o) = commands.getstatusoutput(cmd) if s != 0: logging.error('Could not generate key pair: %d %s', s, o) -- 1.7.7.1
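Review bot: the changed `cmd` line in `create_profile()` still interpolates `keypath` unquoted into a shell string that is run through `commands.getstatusoutput`, so a profile path containing spaces or shell metacharacters will break or alter the `ssh-keygen` invocation; since the line is being touched anyway, consider quoting the path or passing an argument list via `subprocess` instead of a shell string. Two smaller points on the same line: no `-b` is given, so the RSA modulus size is whatever the installed `ssh-keygen` defaults to, and pinning it explicitly would make the generated keys uniform across systems. Also, because generation sits behind `if not os.path.isfile(keypath)`, existing profiles keep their DSA `owner.key`; the commit message should say that only newly created profiles get an RSA key and that both key types will coexist.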

