[ale] Best kind of ssh key

Evan Pitstick bikingnerd at comcast.net
Tue Sep 25 12:39:14 EDT 2007


I have read a lot of conflicting information about the better ssh key
type lately. My understanding before was that DSA was a stronger key type;
however, I saw this yesterday on the PuTTY FAQ.

"DSA has a major weakness if badly implemented: it relies on a random
number generator to far too great an extent. If the random number
generator produces a number an attacker can predict, the DSA private key
is exposed - meaning that the attacker can log in as you on all systems
that accept that key.

The PuTTY policy changed because the developers were informed of ways to
implement DSA which do not suffer nearly as badly from this weakness,
and indeed which don't need to rely on random numbers at all. For this
reason we now believe PuTTY's DSA implementation is probably OK.
However, if you have the choice, we still recommend you use RSA
instead."

What do you guys think?
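
Added example, not part of the original post and not PuTTY's code: a toy DSA showing the two points in the FAQ quote, that the signing equation gives up the private key x once the per-signature number k is known, and that k can be derived from the key and message instead of a random number generator. The parameters P, Q, G, the function names and the HMAC-based derivation (a simplification, not RFC 6979) are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed toy DSA parameters (far too small for real use): Q divides P - 1
# and G = 2^((P-1)/Q) mod P generates the subgroup of order Q.
P, Q, G = 607, 101, 64


def h(msg: bytes) -> int:
    """Message hash reduced into the range [0, Q)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def deterministic_k(x: int, msg: bytes, counter: int = 0) -> int:
    """Derive the per-signature secret k from the private key and the message,
    so no random number generator is involved (simplified, not RFC 6979)."""
    data = hashlib.sha256(msg).digest() + counter.to_bytes(4, "big")
    mac = hmac.new(x.to_bytes(32, "big"), data, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (Q - 1) + 1  # 1 <= k < Q


def sign(x: int, msg: bytes, k=None):
    """Return (r, s). If k is None it is derived deterministically."""
    counter = 0
    while True:
        kk = k if k is not None else deterministic_k(x, msg, counter)
        r = pow(G, kk, P) % Q
        s = pow(kk, -1, Q) * (h(msg) + x * r) % Q
        if r != 0 and s != 0:
            return r, s
        if k is not None:
            raise ValueError("unusable k for this message")
        counter += 1  # rare: r or s was zero, derive a different k


def verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = h(msg) * w % Q, r * w % Q
    return pow(G, u1, P) * pow(y, u2, P) % P % Q == r


def key_from_known_k(msg: bytes, sig, k: int) -> int:
    """Rearranging s = k^-1 (h + x*r) mod Q gives x once k is known."""
    r, s = sig
    return (s * k - h(msg)) * pow(r, -1, Q) % Q
```

With the deterministic derivation, signing the same message twice yields the same (r, s), and k is only as predictable as the private key itself.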


