rsa or dsa?
http://www.linuxquestions.org/questions/linux-security-4/which-is-better-rsa-or-dsa-public-key-12593/
http://leaf.dragonflybsd.org/mailarchive/users/2005-01/msg00140.html
http://www.seedmuse.com/rsa_edit.htm
So, what about "(b) RSA is just a better protocol [(algorighm)]"?
| From: | Adrian Bocaniciu <a.bocaniciu@xxxxxxxxxxxx> |
| Date: | Tue, 18 Jan 2005 20:27:22 +0000 |
I've read a few pieces which recommend RSA over DSA, although most
Re:
RSA vs DSA Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit Kris Maglione wrote:
> So, what about "(b) RSA is just a better protocol [(algorighm)]"?
> I've read a few pieces which recommend RSA over DSA, although most
> crypto programs (OpenSSL/SSH etc.) say RSA is depricated/a last resort.
> Any insights? Neither DSA nor RSA are deprecated. Both algorithms are OK to use
for digital signatures (i.e. the signatures cannot be forged now or in
the near future), if their parameters, i.e. the key lengths, are chosen
correctly. The RSA algorithm can also be used for public-key encryption, but
that is not recommended, because there are better ways to accomplish
that and also because some older variants of using RSA for encryption
are broken. (Despite that, most HTTPS Web sites are still using obsolete
SSL libraries or configurations, which also use RSA for encryption, not
only for authentication). DSA and RSA are the only digital signature algorithms that are both
standardized and free from patents. There was a time when RSA was not
recommended because it was covered by a patent, but now that patent has
expired. There are also other digital signature algorithms that are
better for some applications, e.g. Rabin-Williams, which can be verified
much faster than RSA, but they are not standardized (except in IEEE
1363, which is not widely implemented yet). Other algorithms, like
those using elliptic curves, are claimed to be covered by US patents, so
they cannot be recommended while there are free alternatives. For RSA, a 1536-bit key pair is recommended now for most uses e.g.
SSH public-key authentication, but longer keys shall be used for signing
documents that should not be forged even after many years.
Nevertheless, most Web sites that use HTTPS, have only 1024-bit RSA key
pairs, those are still reasonably secure for now, but in a few years
they will become breakable. An 1536-bit RSA public/private key pair
requires about the same time for breaking as a 90-bit key of a
secret-key algorithm. Nonetheless, in reality 1536-bit RSA is much more
secure than 90-bit, because either a huge memory (much beyond what is
currently possible) is needed for the computation or, if the memory is
unavailable, the computation becomes much slower, so the RSA key will be
equivalent in strength with a longer secret key. RSA is more appropriate for signing certificates, because it can be
verified faster, but for the authentication of the initial message
exchange in network connection establishments, like in IPsec, TLS/SSL or
SSH, DSA can be better, because there are an equal number of signing and
verification operations, so only the sum of the execution times for
signing and verification matters. DSA has the advantage that it has the
same security as RSA at a shorter key length, i.e. 1280-bit DSA has
about the same security as 1536-bit RSA. For that reason I always use
1280-bit DSA key pairs for SSH authentication, i.e. the keys are
generated with "ssh-keygen -t dsa -b 1280", both for the server host key
and for the users' workstations. DSA has a disadvantage that is not a property of the algorithm but
only of its implementation in OpenSSL, OpenSSH and other common
programs, it has several parameters that must be increased
simultaneously for better security, but applications like ssh-keygen let
you specify only the key length and they keep the other parameters
unchanged. Because of that it is absolutely useless to increase the DSA
key length beyond 1280-bit, because the security is not improven. On
the other hand, with RSA you can specify 2048-bit, 3072-bit or longer
key pairs, if you so desire. Best regards !
rsa or dsa?的更多相关文章
- 加密算法(对称加密)AES、DES (非对称加密)RSA、DSA
目前主流的加密方式有:(对称加密)AES.DES (非对称加密)RSA.DSA
- ssh-add - 向认证代理添加 RSA 或 DSA 身份数据
总览 (SYNOPSIS) ssh-add [-lLdDx ] [-t life ] [file ... ] ssh-add -s reader ssh-add -e reader 描述 (DESCR ...
- RSA,DSA,ECDSA,EdDSA和Ed25519的区别
RSA,DSA,ECDSA,EdDSA和Ed25519的区别 用过ssh的朋友都知道,ssh key的类型有很多种,比如dsa.rsa. ecdsa.ed25519等,那这么多种类型,我们要如何选择呢 ...
- OpenSSH 密钥管理:RSA/DSA 认证(转载)
我们中有许多人把优秀的 OpenSSH用作古老的 telnet 和 rsh 命令的替代品,OpenSSH 不仅是安全的而且是加密的. OpenSSH 更加吸引人的特性之一是它能够使用基于一对互补的数字 ...
- [转]RSA,DSA等加解密算法介绍
From : http://blog.sina.com.cn/s/blog_a9303fd90101cgw4.html 1) MD5/SHA MessageDigest是一个数据的数字指纹. ...
- OpenSSH的RSA/DSA密钥认证系统
OpenSSH的RSA/DSA密钥认证系统,它可以代替OpenSSH缺省使用的标准安全密码认证系统. OpenSSH的RSA和DSA认证协议的基础是一对专门生成的密钥,分别叫做私用密钥和公用密钥. 使 ...
- RSA/DSA 密钥的工作原理
下面从整体上粗略的介绍了 RSA/DSA 密钥的工作原理.让我们从一种假想的情形开始,假定我们想用 RSA 认证允许一台本地的 Linux 工作站(称作 localbox)打开 remotebox 上 ...
- [转帖]RSA算法与DSA算法的区别
RSA算法与DSA算法的区别 https://cloud.tencent.com/developer/news/254061 文章来源:企鹅号 - SuperFullStack 本文译自:StackE ...
- 浅谈RSA加密算法
一.什么是非对称加密 1.加密的密钥与加密的密钥不相同,这样的加密算法称之为非对称加密 2.密钥分为:公钥,私钥 公钥:可以对外给任何人的加密和解密的密码,是公开的 私钥:通过私钥可以生成公钥,但从 ...
随机推荐
- 第一天学习oc用xcode做的一个加减乘除 圆的面积计算
#import <Foundation/Foundation.h> //这是oc的框架 @interface jisuan : NSObject //申明一个jisuan这样的类 并继 ...
- JVM 设置
按照基本回收策略分 引用计数(Reference Counting) 标记-清除(Mark-Sweep) 复制(Copying) 标记-整理(Mark-Compact) 按分区对待的方式分 增量收集( ...
- android:onKeyDown
android项目中的返回键有时处理不当,会是一个十分麻烦的问题. 在监听物理键时,可以用onKeyDown方法,Activity已经自己有KeyEvent.Callback这个接口了,因为项目有使用 ...
- Nginx运行Laravel的配置
修改nginx.conf.修改前记得备份一下,万一改错了还能还原回去. server { listen 80; server_name localhost; set $root_path '/usr/ ...
- makesfx.exe (Make SFX (Self-extracting archive))
来源: http://www.cr173.com/soft/5500.html http://74.cz/en/make-sfx/ 官方,最新 Make SFX 是一套Win32平台下能让您制作自解压 ...
- 直接用request.setAttribute()会报错,在这之前应该先让request获取ServletActionContext.getRequest();方法 // request.getAttribute同理
正确流程应该是 import javax.servlet.http.HttpServletRequest; HttpServletRequst request = ServletActionConte ...
- wpf之数据触发器DataTrigger
wpf, 根据绑定的属性的值的不同(数据分类),界面上显示不同的控件(绑定不同类型的属性),可以使用数据库触发器DataTrigger实现这一功能. 实现的效果如下: 首先建立实体类: 更改通知类: ...
- C语言 - pthread
pthread_create函数 原型:int pthread_create((pthread_t *thread, pthread_attr_t *attr, void *(*start ...
- shell 入门教程
打开文本编辑器,新建一个文件,扩展名为sh(sh代表shell),扩展名并不影响脚本执行,见名知意就好. 一 惯例,第一个shell #!/bin/bash echo "Hello ...
- Cloudsim 3.0在myclipse下的安装过程
(1)下载cloudsim 3.0: http://code.google.com/p/cloudsim/downloads/list (2)下载flanaga.jar包 下载地址:http://w ...