RSA versus DSA / Protocol 1 versus Protocol 2
Daniel Bergman
d-b at home.se
Mon Feb 25 08:35:11 EST 2002
I'm sorry for coming in this late.
I would really appreciate a list of pros and cons of each algorithm, RSA -
DSA.
Regards,
Daniel
> On Sun, Feb 24, 2002 at 11:24:23AM -0700, Bob Proulx wrote:
>> I have been searching the archives and confused about some points that
>> I am hoping could be cleared up.
>>
>> RSA versus DSA
>>
>> I seem to see a lot of messages saying this. That DSA is slow. DSA
>> was added only to avoid a patent which is now expired. RSA is the
>> preferred authentication method. DSA should be avoided. Which all
>> sounds fine to me and I think I agree with that. Assuming this
>> applies to both host keys and user keys it seems that you cannot
>> disable this for host keys when using Protocol 2.
>
> define 'disable'. you can delete the DSA host key.
>
>> Is that required
>> for compatibility or other reason?
>
> the SSH2 'standard' defines:
>
> The following public key and/or certificate formats are currently
> defined:
>
>    ssh-dss    REQUIRED       sign    Simple DSS
>    ssh-rsa    RECOMMENDED    sign    Simple RSA
>
> There is a large installed base of DSA keys.
>
>> Protocol 1 versus Protocol 2
>>
>> OpenSSH 3.x defaults to Protocol 2,1. Fine. But ssh-keygen and
>> ssh-add default to creating and using rsa1 keys, which means using
>> Protocol 1, but using DSA host keys.
>
> in OpenSSH 3.1:
> ssh-keygen will no longer have a default key type.
> ssh-add will try to add all 3 key types.
>
> -m
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>
--
Daniel Bergman
Phone: 08 - 55066265
Mobile: 070 - 289 30 39
Fax: 08 - 59827056
Email: d-b at home.se