http://www.linuxquestions.org/questions/linux-security-4/which-is-better-rsa-or-dsa-public-key-12593/
http://leaf.dragonflybsd.org/mailarchive/users/2005-01/msg00140.html
http://www.seedmuse.com/rsa_edit.htm

So, what about "(b) RSA is just a better protocol [(algorighm)]"?

From: Adrian Bocaniciu <a.bocaniciu@xxxxxxxxxxxx>
Date: Tue, 18 Jan 2005 20:27:22 +0000 
 I've read a few pieces which recommend RSA over DSA, although most

	Re:

 RSA vs DSA

Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Content-Transfer-Encoding: 7bit

Kris Maglione wrote:

 > So, what about "(b) RSA is just a better protocol [(algorighm)]"?

 > I've read a few pieces which recommend RSA over DSA, although most

 > crypto programs (OpenSSL/SSH etc.) say RSA is depricated/a last resort.

 > Any insights?

    Neither DSA nor RSA are deprecated.  Both algorithms are OK to use

for digital signatures (i.e. the signatures cannot be forged now or in

the near future), if their parameters, i.e. the key lengths, are chosen

correctly.

    The RSA algorithm can also be used for public-key encryption, but

that is not recommended, because there are better ways to accomplish

that and also because some older variants of using RSA for encryption

are broken. (Despite that, most HTTPS Web sites are still using obsolete

SSL libraries or configurations, which also use RSA for encryption, not

only for authentication).

    DSA and RSA are the only digital signature algorithms that are both

standardized and free from patents.  There was a time when RSA was not

recommended because it was covered by a patent, but now that patent has

expired.  There are also other digital signature algorithms that are

better for some applications, e.g. Rabin-Williams, which can be verified

much faster than RSA, but they are not standardized (except in IEEE

1363, which is not widely implemented yet).  Other algorithms, like

those using elliptic curves, are claimed to be covered by US patents, so

they cannot be recommended while there are free alternatives.

    For RSA, a 1536-bit key pair is recommended now for most uses e.g.

SSH public-key authentication, but longer keys shall be used for signing

documents that should not be forged even after many years.

Nevertheless, most Web sites that use HTTPS, have only 1024-bit RSA key

pairs, those are still reasonably secure for now, but in a few years

they will become breakable.  An 1536-bit RSA public/private key pair

requires about the same time for breaking as a 90-bit key of a

secret-key algorithm.  Nonetheless, in reality 1536-bit RSA is much more

secure than 90-bit, because either a huge memory (much beyond what is

currently possible) is needed for the computation or, if the memory is

unavailable, the computation becomes much slower, so the RSA key will be

equivalent in strength with a longer secret key.

    RSA is more appropriate for signing certificates, because it can be

verified faster, but for the authentication of the initial message

exchange in network connection establishments, like in IPsec, TLS/SSL or

SSH, DSA can be better, because there are an equal number of signing and

verification operations, so only the sum of the execution times for

signing and verification matters.  DSA has the advantage that it has the

same security as RSA at a shorter key length, i.e. 1280-bit DSA has

about the same security as 1536-bit RSA.  For that reason I always use

1280-bit DSA key pairs for SSH authentication, i.e. the keys are

generated with "ssh-keygen -t dsa -b 1280", both for the server host key

and for the users' workstations.

    DSA has a disadvantage that is not a property of the algorithm but

only of its implementation in OpenSSL, OpenSSH and other common

programs, it has several parameters that must be increased

simultaneously for better security, but applications like ssh-keygen let

you specify only the key length and they keep the other parameters

unchanged.  Because of that it is absolutely useless to increase the DSA

key length beyond 1280-bit, because the security is not improven.  On

the other hand, with RSA you can specify 2048-bit, 3072-bit or longer

key pairs, if you so desire.

       Best regards !

rsa or dsa?的更多相关文章

  1. 加密算法(对称加密)AES、DES (非对称加密)RSA、DSA

    目前主流的加密方式有:(对称加密)AES.DES        (非对称加密)RSA.DSA

  2. ssh-add - 向认证代理添加 RSA 或 DSA 身份数据

    总览 (SYNOPSIS) ssh-add [-lLdDx ] [-t life ] [file ... ] ssh-add -s reader ssh-add -e reader 描述 (DESCR ...

  3. RSA,DSA,ECDSA,EdDSA和Ed25519的区别

    RSA,DSA,ECDSA,EdDSA和Ed25519的区别 用过ssh的朋友都知道,ssh key的类型有很多种,比如dsa.rsa. ecdsa.ed25519等,那这么多种类型,我们要如何选择呢 ...

  4. OpenSSH 密钥管理:RSA/DSA 认证(转载)

    我们中有许多人把优秀的 OpenSSH用作古老的 telnet 和 rsh 命令的替代品,OpenSSH 不仅是安全的而且是加密的. OpenSSH 更加吸引人的特性之一是它能够使用基于一对互补的数字 ...

  5. [转]RSA,DSA等加解密算法介绍

    From : http://blog.sina.com.cn/s/blog_a9303fd90101cgw4.html 1)      MD5/SHA MessageDigest是一个数据的数字指纹. ...

  6. OpenSSH的RSA/DSA密钥认证系统

    OpenSSH的RSA/DSA密钥认证系统,它可以代替OpenSSH缺省使用的标准安全密码认证系统. OpenSSH的RSA和DSA认证协议的基础是一对专门生成的密钥,分别叫做私用密钥和公用密钥. 使 ...

  7. RSA/DSA 密钥的工作原理

    下面从整体上粗略的介绍了 RSA/DSA 密钥的工作原理.让我们从一种假想的情形开始,假定我们想用 RSA 认证允许一台本地的 Linux 工作站(称作 localbox)打开 remotebox 上 ...

  8. [转帖]RSA算法与DSA算法的区别

    RSA算法与DSA算法的区别 https://cloud.tencent.com/developer/news/254061 文章来源:企鹅号 - SuperFullStack 本文译自:StackE ...

  9. 浅谈RSA加密算法

    一.什么是非对称加密 1.加密的密钥与加密的密钥不相同,这样的加密算法称之为非对称加密 2.密钥分为:公钥,私钥  公钥:可以对外给任何人的加密和解密的密码,是公开的 私钥:通过私钥可以生成公钥,但从 ...

随机推荐

  1. eclipse添加桌面快捷方式

    linuxmint系统 输入sudogedit /usr/share/applications/eclipse.desktop,在打开的文件中输入以下参数: [Desktop Entry] Encod ...

  2. 线段树+dp+贪心 Codeforces Round #353 (Div. 2) E

    http://codeforces.com/contest/675/problem/E 题目大意:有n个车站,每个车站只能买一张票,这张票能从i+1到a[i].定义p[i][j]为从i到j所需要买的最 ...

  3. 确定当前Python环境中的site-packages目录位置

    引入“搜索路径”这个概念是因为在使用import语句时,当解释器遇到import语句,如果模块在当前的搜索路径就会被导入. 搜索路径是一个解释器会先进行搜索的所有目录的列表. 那么python如何添加 ...

  4. SQL查询表,表的所有字段名,SQL查询表,表的所有字段名

    SQL查询表,表的所有字段名 2011-07-29 10:21:43|  分类: SQLServer |  标签:表  sql  字段   |举报 |字号 订阅   SQL查询表,表的所有字段名 SQ ...

  5. Spring Boot 系列教程1-HelloWorld

    入门 如果你用过Spring JavaConfig的话,会发现虽然没有了xml配置的繁琐,但是使用各种注解导入也是很大的坑, 然后在使用一下Spring Boot,你会有一缕清风拂过的感觉, 真是爽的 ...

  6. NumPy基础:数组和矢量计算

    今天被老板fire了,还是继续抄书吧,安抚我受伤的小心脏.知识还是得慢慢积累,一步一个脚印,这样或许才是最快的捷径. ------2015-2-16-------------------------- ...

  7. jquery 功能强大的下拉菜单

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org ...

  8. 用for while 成绩的有效输入

    #include "stdio.h" void main() { int score,s; printf("请输入你的成绩:"); scanf("%d ...

  9. UVA - 12563 Jin Ge Jin Qu hao (01背包变形)

    此题应该注意两个点,首先背包容量应该缩减为t-1,因为最长的歌不超过三分钟,而劲歌金曲有678s,所以肯定要留出这个时间来.其次注意优先级,保证唱的歌曲数目最多,在此前提下尽可能的延长时间. 处理方法 ...

  10. cocos2d-js 显示帧序列图中的一帧

    1.flashCC中打开库,在一个元件中右键->Generate Sprite Sheet...设置如下: 2.点Export后得到playerWalk.png和playerWalk.plist ...