[ale] Best kind of ssh key

Evan Pitstick bikingnerd at comcast.net
Tue Sep 25 13:41:14 EDT 2007


Excellent point... any more insight into the question?

On Tue, 2007-09-25 at 13:29 -0400, Jim Popovitch wrote:
> On Tue, 2007-09-25 at 12:37 -0400, Evan Pitstick wrote:
> > I have read a lot of conflicting information about the better ssh key
> > type lately. My understanding before was that DSA was a stronger keytype
> > however, I saw this yesterday on the PuTTY FAQ.
> > 
> > "DSA has a major weakness if badly implemented: it relies on a random
> > number generator to far too great an extent. If the random number
> > generator produces a number an attacker can predict, the DSA private key
> > is exposed - meaning that the attacker can log in as you on all systems
> > that accept that key.
> > 
> > The PuTTY policy changed because the developers were informed of ways to
> > implement DSA which do not suffer nearly as badly from this weakness,
> > and indeed which don't need to rely on random numbers at all. For this
> > reason we now believe PuTTY's DSA implementation is probably OK.
> > However, if you have the choice, we still recommend you use RSA
> > instead."
> > 
> > What do you guys think?
> 
> PuTTY is Windows software... so perhaps that speaks volumes about
> randomness and predictability on Windows systems.
> 
> -Jim P.
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
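
Added example, not part of the thread and not PuTTY's code: textbook DSA over constructed toy parameters, showing the FAQ's point that a signature made with a nonce someone else can predict exposes the private key, next to a nonce derived from the key and message instead of an RNG. The parameters, key, message, and the HMAC-based derivation are assumptions for illustration; the derivation is simplified and is neither PuTTY's method nor a full RFC 6979 implementation.

```python
import hashlib
import hmac

# Constructed toy parameters, far too small for real use. Q is the Mersenne
# prime 2**127 - 1; P is the first Q*j + 1 that passes a Fermat test.
Q = 2**127 - 1
P = next(Q * j + 1 for j in range(2, 10**6, 2)
         if all(pow(a, Q * j, Q * j + 1) == 1 for a in (2, 3, 5, 7)))
G = next(g for h in range(2, 100) if (g := pow(h, (P - 1) // Q, P)) != 1)

def H(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def sign(x, msg, k):
    """Textbook DSA signature; the per-signature nonce k comes from the caller."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (H(msg) + x * r) % Q
    if r == 0 or s == 0:
        raise ValueError("nonce gives a degenerate signature, pick another")
    return r, s

def verify(y, msg, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, H(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def key_from_known_nonce(msg, sig, k):
    """s = k^-1 (H(m) + x*r) mod q has one unknown once k is known: solve for x."""
    r, s = sig
    return (s * k - H(msg)) * pow(r, -1, Q) % Q

def deterministic_nonce(x, msg):
    """Nonce from HMAC(key, message), no RNG; simplified, RFC 6979 is the standard form."""
    for counter in range(256):
        mac = hmac.new(x.to_bytes(16, "big"), msg + bytes([counter]), hashlib.sha512)
        k = int.from_bytes(mac.digest(), "big") % Q
        if k:
            return k
    raise ValueError("no usable nonce")

if __name__ == "__main__":
    x = 0x1234567890ABCDEF1234567890ABCDEF        # constructed private key
    y, msg = pow(G, x, P), b"constructed sample message"
    sig = sign(x, msg, k=42)                       # 42 stands in for a predictable RNG output
    print("valid:", verify(y, msg, sig))
    print("key exposed:", key_from_known_nonce(msg, sig, 42) == x)
    print("deterministic k verifies:", verify(y, msg, sign(x, msg, deterministic_nonce(x, msg))))
```

The signature made with the predictable nonce still verifies, which is why this failure is invisible to the systems that accept the key.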


