When rsa vs dsa

Yep brand new and no clue about the issue.

I'm setting up openssh and know zip about cryptology (hope this is the
correct word). I've read that I can generate both types of keys. Is
there some reason I'd want to use one over the other?


Re: When rsa vs dsa

Gary Armstrong <garyarm_remThis_at_testedgeinc.com> writes:

one of the issues used to have to do with hardware tokens. dsa
includes generation of a random number as part of the signing process,
poor random number generation can allow the private key to be
recovered. for quite a while, the crop of available hardware tokens
had really bad random number generation ... which resulted in dsa
private keys being extremely vulnerable (with dsa implemented in those

rsa didn't have the same vulnerability ... although there is frequently
a requirement for a random number NONCE in rsa-signed messages.

RSA signature of a 20-byte SHA-1 is 20 bytes ... plus the size of
the message plus frequently a 20byte random number NONCE contained in
the body of the message ... effectively message length plus 40 bytes
(20 byte signature plus 20 byte nonce).

DSA signature of 20-byte SHA-1 is 40 bytes ... plus the size of the
message ... which is message length plus 40 byte DSA signature.

in any case, infrastructures that wanted to be agnostic with respect
to hardware token and software implementations might have tended to go
with RSA (eliminating the private key vulnerability dependent on
hardware token quality random number generation as part of the signing

more recent crop of hardware tokens tend to have higher quality random
number generators ... sufficient for doing both on-chip key generation
as well as DSA (and/or ECDSA) signing.

DSA  .. FIPS186-2 reference:

SHA ... fips180 reference:

Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
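
Added example, not part of the original post: a defender's audit for the failure mode described above, where a signer with a poor random number generator reuses the per-signature DSA random number and therefore emits the same `r` on different messages. The toy domain parameters, the 4-bit `weak_nonce` source and all function names are assumptions constructed for illustration.

```python
import hashlib
import secrets
from collections import defaultdict
from math import isqrt

# Toy DSA domain parameters, constructed for this example (far too small for real use).
Q = 2**31 - 1  # prime subgroup order

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, isqrt(n) + 1))

P = next(c for c in (k * Q + 1 for k in range(2, 10_000, 2)) if is_prime(c))
G = next(g for g in (pow(b, (P - 1) // Q, P) for b in range(2, 50)) if g != 1)

def h(msg):
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % Q

def sign(x, msg, nonce_source):
    """DSA signature (r, s); nonce_source() supplies the per-signature random k."""
    while True:
        k = nonce_source()
        r = pow(G, k, P) % Q          # r depends only on k, never on the message
        s = pow(k, -1, Q) * (h(msg) + x * r) % Q
        if r and s:
            return r, s

def verify(y, msg, sig):
    r, s = sig
    w = pow(s, -1, Q)
    return pow(G, h(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def repeated_r(signed):
    """Return {r: [messages]} for every r that appears on more than one message."""
    by_r = defaultdict(list)
    for msg, (r, _s) in signed:
        by_r[r].append(msg)
    return {r: msgs for r, msgs in by_r.items() if len(msgs) > 1}

def weak_nonce():    # hypothetical token RNG with only 4 bits of entropy
    return 1 + secrets.randbelow(16)

def strong_nonce():  # uniform over the whole subgroup
    return 1 + secrets.randbelow(Q - 1)

def audit_token(nonce_source, count=20):
    """Sign `count` constructed messages with a fresh key and report repeated r values."""
    x = 1 + secrets.randbelow(Q - 1)
    y = pow(G, x, P)
    signed = [(m, sign(x, m, nonce_source))
              for m in (b"constructed message %d" % i for i in range(count))]
    assert all(verify(y, m, sig) for m, sig in signed)
    return repeated_r(signed)
```

Any non-empty result from `repeated_r` over signatures made with one key means that key should be treated as compromised and replaced.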

Re: When rsa vs dsa


On the contrary. An RSA signature is about the same size as the
modulus of the RSA key. So for a 1024-bit key, that's _128_ bytes.
Simon Tatham         "What a caterpillar calls the end of the

Re: When rsa vs dsa


yep, severe brain check there ...

minor additional information as to key strengths ... following
from internet-draft on key lengths:

requirement  Symmetric  RSA or DH     DSA subgroup
for attack   key size   modulus size  size
resistance   (bits)     (bits)        (bits)

    70           70          947          129
    80           80         1228          148
    90           90         1553          167
   100          100         1926          186
   150          150         4575          284
   200          200         8719          383
   250          250        14596          482

Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
