[ale] Best kind of ssh key

Jim Popovitch yahoo at jimpop.com
Tue Sep 25 13:29:36 EDT 2007


On Tue, 2007-09-25 at 12:37 -0400, Evan Pitstick wrote:
> I have read a lot of conflicting information about the better ssh key
> type lately. My understanding before was that DSA was a stronger key type;
> however, I saw this yesterday on the PuTTY FAQ.
> 
> "DSA has a major weakness if badly implemented: it relies on a random
> number generator to far too great an extent. If the random number
> generator produces a number an attacker can predict, the DSA private key
> is exposed - meaning that the attacker can log in as you on all systems
> that accept that key.
> 
> The PuTTY policy changed because the developers were informed of ways to
> implement DSA which do not suffer nearly as badly from this weakness,
> and indeed which don't need to rely on random numbers at all. For this
> reason we now believe PuTTY's DSA implementation is probably OK.
> However, if you have the choice, we still recommend you use RSA
> instead."
> 
> What do you guys think?

PuTTY is Windows software... so perhaps that speaks volumes about
randomness and predictability on Windows systems.

-Jim P.
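
The weakness the quoted PuTTY FAQ describes, as an added example (not part of the original thread and not PuTTY's code): toy DSA showing that one signature plus a predictable per-signature number k yields the private key, and that k can be derived from the key and message with no RNG at all. The parameters p=607, q=101, g=64, the HMAC-based derivation and all function names are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Toy DSA domain parameters (constructed, far too small for real use):
# q divides p - 1, and g = 2^((p-1)/q) mod p has order q.
P, Q, G = 607, 101, 64

def h(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def det_nonce(x: int, msg: bytes, ctr: int = 0) -> int:
    """Derive k from private key + message instead of an RNG (illustrative scheme)."""
    data = hashlib.sha256(msg).digest() + bytes([ctr])
    mac = hmac.new(x.to_bytes(32, "big"), data, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (Q - 1) + 1      # 1 <= k <= q - 1

def sign_with_k(x: int, msg: bytes, k: int):
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (h(msg) + x * r) % Q
    return r, s

def sign(x: int, msg: bytes):
    ctr = 0
    while True:                                          # retry if r or s is 0
        sig = sign_with_k(x, msg, det_nonce(x, msg, ctr))
        if sig[0] and sig[1]:
            return sig
        ctr += 1

def verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    v = pow(G, h(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q
    return v == r

def key_from_known_nonce(msg: bytes, sig, k: int) -> int:
    """s = k^-1 (H(m) + x*r) mod q  =>  x = (s*k - H(m)) * r^-1 mod q."""
    r, s = sig
    return (s * k - h(msg)) * pow(r, -1, Q) % Q

if __name__ == "__main__":
    x = 57                                               # constructed private key
    y = pow(G, x, P)
    msg = b"login request"
    print("deterministic signature verifies:", verify(y, msg, sign(x, msg)))
    leaked = sign_with_k(x, msg, 7)                      # k = 7 stands in for a predictable RNG
    print("private key from predictable k:", key_from_known_nonce(msg, leaked, 7))
```

With real parameter sizes the nonce derivation must also avoid the bias that the simple modular reduction here introduces.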