??changed: -Q: RSA or DSA? A: RSA. ------------------------ - -We recommend using only RSA keys, not DSA. Full details are at http://meyering.net/nuke-your-DSA-keys/ (and its links); in short, on a system with a buggy OpenSSL library, DSA keys (but not RSA keys) can be easily cracked by an attacker sniffing enough traffic. Q: RSA or DSA? --------------
We recommend using only RSA keys, not DSA. Full details are at `Jim's page <http://meyering.net/nuke-your-DSA-keys/>`_. In short, on a system whose !OpenSSL library has a weak pseudo-random number generator or PRNG (such as the one that `shipped with Debian Etch <http://www.debian.org/security/2008/dsa-1571>`_ in 2007-2008), DSA private keys can be easily deduced by an attacker that sniffed enough of your traffic. Note that this issue is not officially documented by the !OpenSSH project. The following posts in Debian mailing lists tend to confirm it: * http://lists.debian.org/debian-devel/2008/05/msg00341.html * http://lists.debian.org/debian-devel-announce/2008/05/msg00004.html -- forwarded from http://savannah.gnu.org/maintenance/sshaccess#[email protected]/maintenance
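Review bot: in the added paragraph, "on a system whose !OpenSSL library has a weak pseudo-random number generator" does not say whether that means the system where the key was generated or any system the key was later used from, and the paragraph stops at the risk without telling the reader what to do with an existing DSA key. Suggest stating which case is meant and adding the action, for example generating a new RSA key and removing the old DSA public key from the account. The sentence "Note that this issue is not officially documented by the !OpenSSH project" would also be clearer with a word on what exactly the two list posts confirm.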
