New snapshot
Damien Miller
djm at mindrot.org
Wed Nov 15 19:40:03 EST 2000
On Wed, 15 Nov 2000, Gert Doering wrote:
> My gripe is being *forced* to create multiple different host keys (or
> disable protocol 2).
You are not forced to do anything. To enable protocol 2, you need either
an SSH2 DSA key, an SSH2 RSA key or both.
RSA has a couple of advantages over DSA:
- Generating a DSA signature requires 160 bits of entropy (k); if these
bits are ever recovered or guessed by an attacker, then they can be used
to determine your private key[1].
- The keys are shorter (you don't need to ship parameters about with
the key as you do with DSA)
- Key generation is quicker (DSA parameter generation is slow and
computationally intensive)
- Verification of signatures (and thus authentication) can be an order
of magnitude faster with RSA. Signing is a little slower. OpenSSL
speaks best here:
                   sign     verify    sign/s  verify/s
rsa 1024 bits    0.0165s    0.0009s     60.8    1138.9
dsa 1024 bits    0.0084s    0.0099s    118.7     101.1
Regards,
Damien Miller
[1] _Applied Cryptography_, Bruce Schneier, p. 492
--
| ``We've all heard that a million monkeys banging on | Damien Miller -
| a million typewriters will eventually reproduce the | <djm at mindrot.org>
| works of Shakespeare. Now, thanks to the Internet, /
| we know this is not true.'' - Robert Wilensky UCB / http://www.mindrot.org
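An added illustration of the footnoted point, not part of the message above or of OpenSSH: a toy DSA in Python with constructed small parameters (q = 1019, p = 2q + 1 = 2039) that signs, verifies, and then shows how knowing the single per-signature value k lets anyone solve the signing equation for the private key x, which is why k must come from a good entropy source and never be exposed or reused.

```python
import hashlib
import random

# Constructed toy DSA parameters (nowhere near a real key size): q = 1019 and
# p = 2q + 1 = 2039 are both prime, so g = 2^((p-1)/q) mod p has order q.
P, Q = 2039, 1019
G = pow(2, (P - 1) // Q, P)

def hash_mod_q(msg):
    # Real DSA keeps the leftmost len(q) bits of the digest; reducing mod q is a toy shortcut.
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % Q

def sign(msg, x, k):
    """DSA signature of msg under private key x with per-signature secret k (1 <= k < q)."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (hash_mod_q(msg) + x * r) % Q
    return r, s

def verify(msg, sig, y):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = hash_mod_q(msg) * w % Q, r * w % Q
    return (pow(G, u1, P) * pow(y, u2, P) % P) % Q == r

def recover_private_key(msg, sig, k):
    """Solve s = k^-1 (H(m) + x r) mod q for x once k is known: x = (s k - H(m)) r^-1 mod q."""
    r, s = sig
    return (s * k - hash_mod_q(msg)) * pow(r, -1, Q) % Q

def demo(seed=1):
    """Sign once, verify, then show that leaking the single value k hands over x."""
    rng = random.Random(seed)  # toy only; a real implementation must use a CSPRNG for x and k
    x = rng.randrange(1, Q)
    y = pow(G, x, P)
    msg = b"constructed sample message"
    while True:
        k = rng.randrange(1, Q)
        sig = sign(msg, x, k)
        if sig[0] and sig[1]:  # retry on the (rare) degenerate r == 0 or s == 0
            break
    return verify(msg, sig, y), recover_private_key(msg, sig, k) == x

if __name__ == "__main__":
    print(demo())  # (True, True)
```

The same algebra applies at real parameter sizes, so a DSA host key is only as safe as the randomness behind every k it ever signs with.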