http://www.linuxquestions.org/questions/linux-security-4/which-is-better-rsa-or-dsa-public-key-12593/
http://leaf.dragonflybsd.org/mailarchive/users/2005-01/msg00140.html
http://www.seedmuse.com/rsa_edit.htm

So, what about "(b) RSA is just a better protocol [(algorighm)]"?

From: Adrian Bocaniciu <a.bocaniciu@xxxxxxxxxxxx>
Date: Tue, 18 Jan 2005 20:27:22 +0000 
 I've read a few pieces which recommend RSA over DSA, although most

	Re:

 RSA vs DSA

Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Content-Transfer-Encoding: 7bit

Kris Maglione wrote:

 > So, what about "(b) RSA is just a better protocol [(algorighm)]"?

 > I've read a few pieces which recommend RSA over DSA, although most

 > crypto programs (OpenSSL/SSH etc.) say RSA is depricated/a last resort.

 > Any insights?

    Neither DSA nor RSA are deprecated.  Both algorithms are OK to use

for digital signatures (i.e. the signatures cannot be forged now or in

the near future), if their parameters, i.e. the key lengths, are chosen

correctly.

    The RSA algorithm can also be used for public-key encryption, but

that is not recommended, because there are better ways to accomplish

that and also because some older variants of using RSA for encryption

are broken. (Despite that, most HTTPS Web sites are still using obsolete

SSL libraries or configurations, which also use RSA for encryption, not

only for authentication).

    DSA and RSA are the only digital signature algorithms that are both

standardized and free from patents.  There was a time when RSA was not

recommended because it was covered by a patent, but now that patent has

expired.  There are also other digital signature algorithms that are

better for some applications, e.g. Rabin-Williams, which can be verified

much faster than RSA, but they are not standardized (except in IEEE

1363, which is not widely implemented yet).  Other algorithms, like

those using elliptic curves, are claimed to be covered by US patents, so

they cannot be recommended while there are free alternatives.

    For RSA, a 1536-bit key pair is recommended now for most uses e.g.

SSH public-key authentication, but longer keys shall be used for signing

documents that should not be forged even after many years.

Nevertheless, most Web sites that use HTTPS, have only 1024-bit RSA key

pairs, those are still reasonably secure for now, but in a few years

they will become breakable.  An 1536-bit RSA public/private key pair

requires about the same time for breaking as a 90-bit key of a

secret-key algorithm.  Nonetheless, in reality 1536-bit RSA is much more

secure than 90-bit, because either a huge memory (much beyond what is

currently possible) is needed for the computation or, if the memory is

unavailable, the computation becomes much slower, so the RSA key will be

equivalent in strength with a longer secret key.

    RSA is more appropriate for signing certificates, because it can be

verified faster, but for the authentication of the initial message

exchange in network connection establishments, like in IPsec, TLS/SSL or

SSH, DSA can be better, because there are an equal number of signing and

verification operations, so only the sum of the execution times for

signing and verification matters.  DSA has the advantage that it has the

same security as RSA at a shorter key length, i.e. 1280-bit DSA has

about the same security as 1536-bit RSA.  For that reason I always use

1280-bit DSA key pairs for SSH authentication, i.e. the keys are

generated with "ssh-keygen -t dsa -b 1280", both for the server host key

and for the users' workstations.

    DSA has a disadvantage that is not a property of the algorithm but

only of its implementation in OpenSSL, OpenSSH and other common

programs, it has several parameters that must be increased

simultaneously for better security, but applications like ssh-keygen let

you specify only the key length and they keep the other parameters

unchanged.  Because of that it is absolutely useless to increase the DSA

key length beyond 1280-bit, because the security is not improven.  On

the other hand, with RSA you can specify 2048-bit, 3072-bit or longer

key pairs, if you so desire.

       Best regards !

rsa or dsa?的更多相关文章

  1. 加密算法(对称加密)AES、DES (非对称加密)RSA、DSA

    目前主流的加密方式有:(对称加密)AES.DES        (非对称加密)RSA.DSA

  2. ssh-add - 向认证代理添加 RSA 或 DSA 身份数据

    总览 (SYNOPSIS) ssh-add [-lLdDx ] [-t life ] [file ... ] ssh-add -s reader ssh-add -e reader 描述 (DESCR ...

  3. RSA,DSA,ECDSA,EdDSA和Ed25519的区别

    RSA,DSA,ECDSA,EdDSA和Ed25519的区别 用过ssh的朋友都知道,ssh key的类型有很多种,比如dsa.rsa. ecdsa.ed25519等,那这么多种类型,我们要如何选择呢 ...

  4. OpenSSH 密钥管理:RSA/DSA 认证(转载)

    我们中有许多人把优秀的 OpenSSH用作古老的 telnet 和 rsh 命令的替代品,OpenSSH 不仅是安全的而且是加密的. OpenSSH 更加吸引人的特性之一是它能够使用基于一对互补的数字 ...

  5. [转]RSA,DSA等加解密算法介绍

    From : http://blog.sina.com.cn/s/blog_a9303fd90101cgw4.html 1)      MD5/SHA MessageDigest是一个数据的数字指纹. ...

  6. OpenSSH的RSA/DSA密钥认证系统

    OpenSSH的RSA/DSA密钥认证系统,它可以代替OpenSSH缺省使用的标准安全密码认证系统. OpenSSH的RSA和DSA认证协议的基础是一对专门生成的密钥,分别叫做私用密钥和公用密钥. 使 ...

  7. RSA/DSA 密钥的工作原理

    下面从整体上粗略的介绍了 RSA/DSA 密钥的工作原理.让我们从一种假想的情形开始,假定我们想用 RSA 认证允许一台本地的 Linux 工作站(称作 localbox)打开 remotebox 上 ...

  8. [转帖]RSA算法与DSA算法的区别

    RSA算法与DSA算法的区别 https://cloud.tencent.com/developer/news/254061 文章来源:企鹅号 - SuperFullStack 本文译自:StackE ...

  9. 浅谈RSA加密算法

    一.什么是非对称加密 1.加密的密钥与加密的密钥不相同,这样的加密算法称之为非对称加密 2.密钥分为:公钥,私钥  公钥:可以对外给任何人的加密和解密的密码,是公开的 私钥:通过私钥可以生成公钥,但从 ...

随机推荐

  1. C#窗口实现最小化到系统托盘

    using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; usin ...

  2. 让您的Xcode键字如飞

    手指在键盘上飞速跳跃,终端上的代码也随着飞舞,是的这确实很酷.优秀的程序员总是这么一群人,他们不拘于现状,不固步自封,他们喜欢新奇的事,他们把自己发挥到极致. 指法攻略 放下您钟爱的鼠标吧,在前行之中 ...

  3. java方法:flush()

    flush本意是冲刷,这个方法大概取自它引申义冲马桶的意思,马桶有个池子,你往里面扔东西,会暂时保存在池子里,只有你放水冲下去,东西才会进入下水道. 同理很多流都有一个这样的池子,专业术语叫缓冲区,当 ...

  4. layer属性

    键: 值 描述 下表的属性都是默认值,您可在调用时按需重新配置,他们可帮助你实现各式各样的风格.如是调用: $.layer({键: 值, 键: 值, -}); type: 0 层的类型.0:信息框(默 ...

  5. ios字体大小适应不同屏幕

    //根据button高度来设置字体大小 CGFloat dayLabelWidth = (viewWidth-10)/7-1; cancelButton = [[UIButton alloc] ini ...

  6. JDBC 事务隔离级别

    JDBC 事务隔离级别     先解释一下:a:脏读取:一个事务读取了另外一个并行事务未提交的数据b:不可重复读取:一个事务再次读取之前的数据时得到的数据不一致,被另外一个事务修改c:虚读:一个事务重 ...

  7. Break on _NSLockError() to debug.

    *** -[NSCondition dealloc]: condition (<NSCondition: 0x1039a450> '(null)') deallocated while s ...

  8. cocos2d Android.mk自动添加类

    打开Android.mk修改以下代码: LOCAL_SRC_FILES := hellocpp/main.cpp \ ../../Classes/AppDelegate.cpp \ ../../Cla ...

  9. Windows编译安装mod_wsgi,配合使用Django+Apahce

    编译环境: 均是32位版本 Microsoft Visual Studio 10.0 Microsoft SDKs v7.1 Apache2.4 Python3.4 mod_wsgi-4.5.0 要求 ...

  10. kvm的live-snapshot

    目前项目中已经存在的快照是针对卷的快照,并且需要关机.所以目前的需求有两个:1.不关机快照:2.针对虚拟机的快照,而不是针对券的快照. 由需求所以针对libvirt做了一些实验,纪录如下: 环境:物理 ...