January 21st, 2014, 10:32 PM
RSA vs DSA Keys?
I know it's been revealed that the NSA and RSA were in cahoots, and I'm setting up public/private key pairs for my server. So I'm curious if an RSA key is better than the DSA alternative.
It seems DSA can only be 1024 bits while RSA can be up to 4096. I'm new to key pairs and stuff so please forgive my ignorance.
What I'm really asking... Which should be considered more secure now: DSA-1024 or RSA-4096?
January 22nd, 2014, 06:03 AM
according to the NIST, RSA and DSA are equally strong. So DSA with 1024 bits would be much weaker than RSA with 4096 bits. Is there any reason why you chose this particular key size?
The general recommendation is to use a minimum of 2048 bits (for either algorithm). 3072 gives you a security level comparable with AES-128. And anything beyond that is probably overkill.
As to RSA vs. DSA: Since RSA is much more common, I see no reason for not going with it. DSA is also more sensitive in that screwing up the parameters will reveal the private key.
So my recommendation (as a non-cryptographer) would be RSA with 3072 or 4096 bits.
February 4th, 2014, 12:55 AM
Possibly, the original poster was confused by the initials "RSA" standing for both a US private company (RSA Security LLC) and the famous public-key algorithm for encryption and digital signatures.
That RSA Security was (at least allegedly) involved in intentionally weakening information security, has nothing to do with the security (or possible insecurity) of the RSA algorithm.
To my knowledge, the inventors of the RSA algorithm (and founders of the corporation) have not been part of the corporation for many years.
RSA is a well-studied algorithm, and there is good reason to believe that when used properly -- and with sufficiently large keys -- it is secure, and will remain secure for years to come.
Even if the mythical "quantum computers" ever become a practical reality, it is likely that scaling them up to the size needed for 4096-bit RSA would take a number of years at least (specifically, even if someone could build a quantum computer to factor 1024-bit RSA moduli, making a quantum computer able to factor 4096-bit moduli would be a MUCH HARDER problem).
February 4th, 2014, 02:34 AM
I must have skipped the NSA part. Then it's pretty funny to consider DSA as an alternative, given that this ones comes straight from the NSA.