RSA or DSA: What's the definitive answer when generating SSH key pairs? [duplicate]
Possible Duplicate:
SSH keypair generation: RSA or DSA?
Some say use RSA, some say use DSA, some say it doesn't matter.
Some say one is more secure than the other, some say the reverse.
Some say it's a patent issue.
- So, what's the real story here? Pros and cons, etc?
- In the end either will do, but for the fastidious security-minded person, which one is a better fit?
- Should one bother with mandating that the entire company use the same encryption?
Update
Ah, turns out this is an exact dupe of q40071, and the accepted answer there is ok.
Solution 1:
As far as I know, both are equally secure (read: both have no known weaknesses, which is really all you can say). So it does not matter which one you choose.
As far as I know, DSA was introduced because RSA was patented (at least in the USA), and a patent-free alternative was desired.
Solution 2:
I think that possibly the correctness of the implementation is equally important. If you've got a weak implementation of a strong algorithm then you've instantly weakened it
I would have thought that the defaults that are provided are sufficient for most cases. I can't imagine that the authors of any tools would provide default options that were inherently weak