SSH keypair generation: RSA or DSA?

ssh security rsa cryptography

RSA is generally preferred (now that the patent issue is over with) because it can go up to 4096 bits, where DSA has to be exactly 1024 bits (in the opinion of ssh-keygen). 2048 bits is ssh-keygen's default length for RSA keys, and I don't see any particular reason to use shorter ones. (The minimum possible is 768 bits; whether that's "acceptable" is situational, I suppose.)


It's not about symmetric or asymetric encryption. It's about particular algorithms (RSA and DSA) requiring higher bit count to achieve acceptable security level. For example, ECC is also an asymmetric encryption, but it provides good security at much lower bit counts than RSA or DSA.


If you have a recent implementation of SSH, you may also consider ECDSA !


256 bit certificates that banks use for SSL connections are symmetric cyphers such as 3DES or AES, hence the lower bit count. When you see 1024 and 2048 (and even 4096) these are asymmetric ciphers.


DSA keys have much shorter signaures than RSA keys (for the same "level of security"), so one reason for using DSA would be in constrained environments.

Related

Is it possible to alias a hostname in Linux?
How to check if I'm in screen session?
How to zip/unzip files in Powershell?
Tell Jenkins to run a specific project on a particular slave node
Where does email sent to *@example.com go? [closed]
"POSSIBLE BREAK-IN ATTEMPT!" in /var/log/secure — what does this mean?
What significance does the user/host at the end of an SSH public key file hold?
What type of DNS record is needed to make a subdomain?
List of files installed from apt package
How to run command as user who has /usr/sbin/nologin as Shell?
How to determine JAVA_HOME on Debian/Ubuntu?
Where can I find data stored by a Windows Service running as "Local System Account"?