Here is a Reuters article dated December 20, :. Reuters - As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U. Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.
Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show. Matt : So we have heard a number of things that we can probably credit for real. Matt : That's exactly right. We now suspect and have strong evidence to believe that the situation was exactly the opposite; that NIST was being used to put out standards that the NSA could break.
Considering these recent revelations the strength of the algorithms seems largely irrelevant. In other words, it really doesn't matter if you are using the random number generators that come with pretty much any modern computer, which OpenSSH and others do. Pick the one that is the fastest for what you want.
In my case, I reuse the same key for a lot of stuff so DSA's faster generation speed is less desirable. I personally just use bit keys because, as we've seen, it really doesn't matter unless someone is placing some requirement on you who still believes bigger keys will protect you.
The whole thing is largely just an annoyance to anyone seeking to break in. Sign up to join this community. The best answers are voted up and rise to the top.
Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Learn more. RSA vs. Asked 10 years, 6 months ago. Active 1 year, 4 months ago. Viewed k times. Improve this question.
Tom Leek k 26 26 gold badges silver badges bronze badges. Read the answers below, and you will also find out that bits is sufficient. Really, I don't see why the suggestion is to "choose the fastest key. So DSA was implemented in open source tools. Now all the patents of RSA have expired. Add a comment. Active Oldest Votes. Go with RSA.
So today, you are better off with an RSA or bit key. Improve this answer. Marco A. Sorry, you got it wrong on several points. All SSH clients support this algorithm. It is based on the difficulty of computing discrete logarithms. A key size of would normally be used with it.
DSA in its original form is no longer recommended. This is probably a good algorithm for current applications. Only three key sizes are supported: , , and sic! We would recommend always using it with bits, since the keys are still small and probably more secure than the smaller keys even though they should be safe as well.
Most SSH clients now support this algorithm. Support for it in clients is not yet universal. Thus its use in general purpose applications may not yet be advisable. The algorithm is selected using the -t option and key size using the -b option. The following commands illustrate:. Normally, the tool prompts for the file in which to store the key. This can be conveniently done using the ssh-copy-id tool.
Like this:. Once the public key has been configured on the server, the server will allow any connecting user that has the private key to log in. During the login process, the client proves possession of the private key by digitally signing the key exchange.
A connection to the agent can also be forwarded when logging into a server, allowing SSH commands on the server to use the agent running on the user's desktop.
For more information on using and configuring the SSH agent, see the ssh-agent page. The tool is also used for creating host authentication keys. Host keys are just ordinary SSH key pairs. Each host can have one host key for each algorithm. The host keys are almost always stored in the following files:. The host keys are usually automatically generated when an SSH server is installed.
They can be regenerated at any time. When generating new RSA keys you should use at least bits of key length unless you really have a good reason for using a shorter and less secure key. Another reason for not using DSA is that DSA is a government standard and one may wonder if the key length was limited deliberately so it will be possible for government agencies to decrypt it. The number after the -b specifies the key length in bits.
After executing the command it may take some time to generate the keys as the program waits for enough entropy to be gathered to generate random numbers.
When the key generation is done you would be prompted to enter a filename in which the key will be saved. The public key will have the same filename but it will end with. You should make sure that the key can only be read by you and not by any other user for security reasons. Each generated key can be protected by a passphrase. A good passphrase should be at least 10 characters long. One should stay away from English sentences as their entropy level is just too low to be used as a safe passphrase.
I usually use a randomly generated passphrase, as this kind is considered the most secure. If you create a passphrase-less key just make sure you only put it on trusted hosts as it may compromise the remote machine if the key falls to the wrong hands. After entering you passphrase twice the program will print the key fingerprint, which is some kind of hashing used to distinguish different keys, followed by the default key comment more on key comments later.
After printing the key information the program will terminate. Adding comments to keys can allow you to organize your keys more easily. The comments are stored in end of the public key file and can be viewed in clear text. For example:. As you can see the comment is appended in clear text to the end of the public key file.
To alter the comment just edit the public key file with a plain text editor such as nano or vim. To add a comment to the public key file when generating the key add to the key generation command -C "you comment". Notice that each copy of a public key can have its own comment and you cannot retrieve the comment from the private key.
Passphrases allow you to prevent unauthorized usage of your key by meaning of protecting the key itself by a password. Algorithms using elliptic curves are also based on the assumption that there is no generally efficient solution to solving a discrete log problem.
The computational complexity of the discrete log problem allows both classes of algorithms to achieve the same level of security as RSA with significantly smaller keys. Performance Larger keys require more time to generate. First published in , RSA has the widest support across all SSH clients and languages and has truly stood the test of time as a reliable key generation method. According to NIST standards, achieving bit security requires a key with length bits whereas other algorithms use smaller keys.
Bit security measures the number of trials required to brute-force a key. This number m must be kept privately. The value m is meant to be a nonce, which is a unique value included in many cryptographic protocols. However, the additional conditions of unpredictability and secrecy makes the nonce more akin to a key, and therefore extremely important. Not only is it difficult to ensure true randomness within a machine, but improper implementation can break encryption. For example:.
In other words, the class reused some randomly generated numbers. This exposed a number of different Android-based Bitcoin wallets to having their private keys stolen. The requirements of the nonce m means that any two instances with the same nonce value could be reverse engineered and reveal the private key used to sign transactions. Taking this a step further, fail0verflow discovered the private key used to sign firmware updates for the Sony Playstation 3. In other words, programmers could write their own code, sign it with the revealed private key, and run it on the PS3.
As it turns out, Sony was using the same random number to sign each message. The two examples above are not entirely sincere. In response to the desired speeds of elliptic curves and the undesired security risks, another class of curves has gained some notoriety.
While offering slight advantages in speed over ECDSA, its popularity comes from an improvement in security. Instead of relying on a random number for the nonce value, EdDSA generates a nonce deterministically as a hash making it collision resistant.
Taking a step back, the use of elliptic curves does not automatically guarantee some level of security. Not all curves are the same.
Only a few curves have made it past rigorous testing.
0コメント