http://www.linuxquestions.org/questions/linux-security-4/which-is-better-rsa-or-dsa-public-key-12593/
http://leaf.dragonflybsd.org/mailarchive/users/2005-01/msg00140.html
http://www.seedmuse.com/rsa_edit.htm

So, what about "(b) RSA is just a better protocol [(algorighm)]"?

From: Adrian Bocaniciu <a.bocaniciu@xxxxxxxxxxxx>
Date: Tue, 18 Jan 2005 20:27:22 +0000 
 I've read a few pieces which recommend RSA over DSA, although most

	Re:

 RSA vs DSA

Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Content-Transfer-Encoding: 7bit

Kris Maglione wrote:

 > So, what about "(b) RSA is just a better protocol [(algorighm)]"?

 > I've read a few pieces which recommend RSA over DSA, although most

 > crypto programs (OpenSSL/SSH etc.) say RSA is depricated/a last resort.

 > Any insights?

    Neither DSA nor RSA are deprecated.  Both algorithms are OK to use

for digital signatures (i.e. the signatures cannot be forged now or in

the near future), if their parameters, i.e. the key lengths, are chosen

correctly.

    The RSA algorithm can also be used for public-key encryption, but

that is not recommended, because there are better ways to accomplish

that and also because some older variants of using RSA for encryption

are broken. (Despite that, most HTTPS Web sites are still using obsolete

SSL libraries or configurations, which also use RSA for encryption, not

only for authentication).

    DSA and RSA are the only digital signature algorithms that are both

standardized and free from patents.  There was a time when RSA was not

recommended because it was covered by a patent, but now that patent has

expired.  There are also other digital signature algorithms that are

better for some applications, e.g. Rabin-Williams, which can be verified

much faster than RSA, but they are not standardized (except in IEEE

1363, which is not widely implemented yet).  Other algorithms, like

those using elliptic curves, are claimed to be covered by US patents, so

they cannot be recommended while there are free alternatives.

    For RSA, a 1536-bit key pair is recommended now for most uses e.g.

SSH public-key authentication, but longer keys shall be used for signing

documents that should not be forged even after many years.

Nevertheless, most Web sites that use HTTPS, have only 1024-bit RSA key

pairs, those are still reasonably secure for now, but in a few years

they will become breakable.  An 1536-bit RSA public/private key pair

requires about the same time for breaking as a 90-bit key of a

secret-key algorithm.  Nonetheless, in reality 1536-bit RSA is much more

secure than 90-bit, because either a huge memory (much beyond what is

currently possible) is needed for the computation or, if the memory is

unavailable, the computation becomes much slower, so the RSA key will be

equivalent in strength with a longer secret key.

    RSA is more appropriate for signing certificates, because it can be

verified faster, but for the authentication of the initial message

exchange in network connection establishments, like in IPsec, TLS/SSL or

SSH, DSA can be better, because there are an equal number of signing and

verification operations, so only the sum of the execution times for

signing and verification matters.  DSA has the advantage that it has the

same security as RSA at a shorter key length, i.e. 1280-bit DSA has

about the same security as 1536-bit RSA.  For that reason I always use

1280-bit DSA key pairs for SSH authentication, i.e. the keys are

generated with "ssh-keygen -t dsa -b 1280", both for the server host key

and for the users' workstations.

    DSA has a disadvantage that is not a property of the algorithm but

only of its implementation in OpenSSL, OpenSSH and other common

programs, it has several parameters that must be increased

simultaneously for better security, but applications like ssh-keygen let

you specify only the key length and they keep the other parameters

unchanged.  Because of that it is absolutely useless to increase the DSA

key length beyond 1280-bit, because the security is not improven.  On

the other hand, with RSA you can specify 2048-bit, 3072-bit or longer

key pairs, if you so desire.

       Best regards !

rsa or dsa?的更多相关文章

  1. 加密算法(对称加密)AES、DES (非对称加密)RSA、DSA

    目前主流的加密方式有:(对称加密)AES.DES        (非对称加密)RSA.DSA

  2. ssh-add - 向认证代理添加 RSA 或 DSA 身份数据

    总览 (SYNOPSIS) ssh-add [-lLdDx ] [-t life ] [file ... ] ssh-add -s reader ssh-add -e reader 描述 (DESCR ...

  3. RSA,DSA,ECDSA,EdDSA和Ed25519的区别

    RSA,DSA,ECDSA,EdDSA和Ed25519的区别 用过ssh的朋友都知道,ssh key的类型有很多种,比如dsa.rsa. ecdsa.ed25519等,那这么多种类型,我们要如何选择呢 ...

  4. OpenSSH 密钥管理:RSA/DSA 认证(转载)

    我们中有许多人把优秀的 OpenSSH用作古老的 telnet 和 rsh 命令的替代品,OpenSSH 不仅是安全的而且是加密的. OpenSSH 更加吸引人的特性之一是它能够使用基于一对互补的数字 ...

  5. [转]RSA,DSA等加解密算法介绍

    From : http://blog.sina.com.cn/s/blog_a9303fd90101cgw4.html 1)      MD5/SHA MessageDigest是一个数据的数字指纹. ...

  6. OpenSSH的RSA/DSA密钥认证系统

    OpenSSH的RSA/DSA密钥认证系统,它可以代替OpenSSH缺省使用的标准安全密码认证系统. OpenSSH的RSA和DSA认证协议的基础是一对专门生成的密钥,分别叫做私用密钥和公用密钥. 使 ...

  7. RSA/DSA 密钥的工作原理

    下面从整体上粗略的介绍了 RSA/DSA 密钥的工作原理.让我们从一种假想的情形开始,假定我们想用 RSA 认证允许一台本地的 Linux 工作站(称作 localbox)打开 remotebox 上 ...

  8. [转帖]RSA算法与DSA算法的区别

    RSA算法与DSA算法的区别 https://cloud.tencent.com/developer/news/254061 文章来源:企鹅号 - SuperFullStack 本文译自:StackE ...

  9. 浅谈RSA加密算法

    一.什么是非对称加密 1.加密的密钥与加密的密钥不相同,这样的加密算法称之为非对称加密 2.密钥分为:公钥,私钥  公钥:可以对外给任何人的加密和解密的密码,是公开的 私钥:通过私钥可以生成公钥,但从 ...

随机推荐

  1. jsoup抓取数据

    jsoup的主要功能如下: 1. 从一个URL,文件或字符串中解析HTML: 2. 使用DOM或CSS选择器来查找.取出数据: 3. 可操作HTML元素.属性.文本: 接下来介绍jsoup 是如何优雅 ...

  2. java FLOAT

    System.out.println(""+ 1/2); 得不到0.5,只能得到0. 要想打印出浮点数,必须除数和被除数至少有一个是浮点数,像这样: System.out.prin ...

  3. PHP:class const

    const变量经常被当做常量用在php的类中,隐含的意思是这个变量是常量,不能被修改.编译器会自动检测,如果被赋值会被提示错误警告. 正确实例1: <?php class test { cons ...

  4. [code]最长回文子串

    分析: 不能用scanf("%s"),因为碰到空格或者Tab就会停下来. 解决输入中有空格 方法一:使用fgetc(fin),读取一个打开的文件fin,读取一个字符,然后返回一个i ...

  5. textFiled输入字数的控制问题之—把带输入的拼音也判断了

    一个textFiled,控制只能输入五个字,现在你已经输入了四个字,在输入第五个字的时候,输入一个拼音之后就不能输入后一个拼音,这里把拼音也当成字来判断了,这种情况下就需要_textFiled.mar ...

  6. java 数组变量与数组对象

    数组是否必须初始化 对于这个问题,关键在于要弄清楚数组变量和数组对象的差别.数组变量是存放在栈内存中的,数组对象是存放在堆内存中的.数组变量只是一个引用变量,他能够指向实际的数组对象. 所谓的数组初始 ...

  7. js判断字符串中是否有数字和字母

    var p = /[0-9]/; var b = p.test(string);//true,说明有数字var p = /[a-z]/i; var b = p.test(string);//true, ...

  8. struts2修改文件上传的大小

    那天写了一个web上传图片的程序,明明修改了上传文件的默认值(2M),可就是一直没有起作用 <action name="fileupload" class="upl ...

  9. 【dp 背包变形】 poj 1837

    #include <cstdio> #include <memory.h> #include<iostream> using namespace std; ][]; ...

  10. 学习笔记——抽象工厂模式Abstract Factory

    在工厂模式的基础上,通过为工厂类增加接口,实现其他产品的生产,而不用一类产品就增加一个工厂. 依然以<真菌世界>游戏故事类比,树作为工厂,如果现在有两类树,一类生产快速弄真菌飞机和20毫米 ...