[ale] Best kind of ssh key
- Subject: [ale] Best kind of ssh key
- From: yahoo at jimpop.com (Jim Popovitch)
- Date: Tue Sep 25 13:29:36 2007
- In-reply-to: <1190738275.7146.4.camel@evan>
- References: <1190738275.7146.4.camel@evan>
On Tue, 2007-09-25 at 12:37 -0400, Evan Pitstick wrote:
> I have read a lot of conflicting information about the better ssh key
> type lately. My understanding before was that DSA was a stronger key type;
> however, I saw this yesterday on the PuTTY FAQ.
>
> "DSA has a major weakness if badly implemented: it relies on a random
> number generator to far too great an extent. If the random number
> generator produces a number an attacker can predict, the DSA private key
> is exposed - meaning that the attacker can log in as you on all systems
> that accept that key.
>
> The PuTTY policy changed because the developers were informed of ways to
> implement DSA which do not suffer nearly as badly from this weakness,
> and indeed which don't need to rely on random numbers at all. For this
> reason we now believe PuTTY's DSA implementation is probably OK.
> However, if you have the choice, we still recommend you use RSA
> instead."
>
> What do you guys think?
PuTTY is Windows software... so perhaps that speaks volumes about
randomness and predictability on Windows systems.
-Jim P.
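
Added example, not part of the original thread and not PuTTY's code: the quoted FAQ passage worked through in a toy DSA group, showing why a known per-signature number exposes the private key and how that number can be derived without a random number generator. The group parameters, function names and the simplified HMAC derivation (in the spirit of RFC 6979) are assumptions made for illustration.

```python
import hashlib, hmac

# Toy DSA group, constructed for illustration and far too small for real use:
# Q divides P-1, and G = 2^((P-1)/Q) mod P has order Q.
P, Q, G = 607, 101, 64

def h(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def sign(x: int, msg: bytes, k: int):
    """Textbook DSA signature with a caller-supplied per-message number k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (h(msg) + x * r) % Q
    return r, s

def verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = h(msg) * w % Q, r * w % Q
    return pow(G, u1, P) * pow(y, u2, P) % P % Q == r

def key_from_known_nonce(msg: bytes, sig, k: int) -> int:
    """The weakness: s = k^-1 (H(m) + x*r), so x = (s*k - H(m)) * r^-1 mod Q."""
    r, s = sig
    return (s * k - h(msg)) * pow(r, -1, Q) % Q

def deterministic_nonce(x: int, msg: bytes) -> int:
    """Derive k from the private key and the message; no RNG is consulted.
    Simplified sketch (assumption): real schemes also avoid the modulo bias."""
    counter = 0
    while True:
        mac = hmac.new(x.to_bytes(32, "big"), msg + bytes([counter]), hashlib.sha256)
        k = int.from_bytes(mac.digest(), "big") % Q
        if k:
            r, s = sign(x, msg, k)
            if r and s:          # DSA requires r != 0 and s != 0
                return k
        counter += 1

if __name__ == "__main__":
    x = 57                       # constructed private key
    y = pow(G, x, P)             # matching public key
    msg = b"constructed sample message"
    k = deterministic_nonce(x, msg)
    sig = sign(x, msg, k)
    print("valid:", verify(y, msg, sig))
    print("key exposed once k is known:", key_from_known_nonce(msg, sig, k) == x)
```

The derived k is secret because it depends on the private key, and it is repeatable for the same message, so the signature's safety no longer depends on the quality of the system's random numbers.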