This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.



Re: RSA or DSA ssh keypairs preferred?


On Mon, Nov 25, 2002 at 08:32:22AM -0000, Max Bowsher wrote:
> Corinna Vinschen <vinschen@redhat.com> wrote:
> > ssh-keygen -t rsa
> >
> > creates an RSA key for SSH2.  This is preferable over RSA1 and DSA
> > keys due to security flaws in both.
> 
> Aha. That's what I wanted to know. Are there any links you know of for
> further info on this?

The SSH1's vulnerability is protocol immanent, described in detail
here: http://www.corest.com/common/showdoc.php?idx=131&idxseccion=10

The DSA key vulnerability is described in the openssh source archive,
file WARNING.RNG but it's so short, I can quote it here:

  A particularly pernicious problem arises with DSA keys (used by the
  ssh2 protocol). Performing a DSA signature (which is required for
  authentication), entails the use of a 160 bit random number.  If an
  attacker can predict this number, then they can deduce your *private*
  key and impersonate you or your hosts.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.
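
The arithmetic behind the quoted WARNING.RNG text, as an added example that is not part of the original message or of the OpenSSH sources: once the per-signature number k is known, the DSA signing equation has a single unknown, the private key. The group (P=59, Q=29), the key, k, the message and all function names are constructed toy values and hypothetical names chosen for illustration.

```python
import hashlib

# Constructed toy DSA group, far too small for real use: Q divides P - 1 and
# G = 2^((P-1)/Q) mod P generates the subgroup of order Q.
P, Q = 59, 29
G = pow(2, (P - 1) // Q, P)

def digest(msg):
    """SHA-1 of the message, reduced mod Q so it fits the toy group."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % Q

def sign(x, k, msg):
    """DSA signature (r, s) with private key x and per-signature number k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
    return r, s

def key_from_known_k(k, msg, r, s):
    """Signing equation s = k^-1 (H(m) + x*r) mod Q, rearranged for x.

    r, s and msg are public, so k is the only thing keeping x unknown."""
    return (s * k - digest(msg)) * pow(r, -1, Q) % Q

# Constructed sample values (assumptions for this demo).
X_PRIVATE = 7
Y_PUBLIC = pow(G, X_PRIVATE, P)
K_USED = 10
MESSAGE = b"constructed sample message"

def demo():
    r, s = sign(X_PRIVATE, K_USED, MESSAGE)
    derived = key_from_known_k(K_USED, MESSAGE, r, s)
    # The derived value reproduces the public key, so it is the private key.
    return derived, pow(G, derived, P) == Y_PUBLIC

if __name__ == "__main__":
    print(demo())
```

Deriving k deterministically from the private key and the message (RFC 6979) removes the dependence on random-number quality at signing time.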

