vulnerability with ssh-agent

Bob Proulx bob at proulx.com
Mon Jul 19 09:24:29 EST 2004


Keld Jørn Simonsen wrote:
> I have written a small introduction to newbies in Danish on ssh and
> friends. Now some people are questioning my advice and I think they have
> a point.
> 
> I am advocating people to use DSA-keys and a config file with this:

As I understand it RSA keys are both faster and more secure for the
same number of key bits.  Which is why DSA keys must be much bigger
than RSA keys to provide a similar level of strength.  Both of which
makes DSA keys slower.

As I understand it the only reason for DSA keys was to avoid the RSA
patent now expired by four years.  But is is now expired and so longer
poses a restriction.

I would use RSA keys.  They are strong, fast and compact.

Bob




More information about the openssh-unix-dev mailing list