[Reprint] The difference between the RSA and DSA algorithms

The difference between RSA algorithm and DSA algorithms

This article is translated from StackExchange:

https://security.stackexchange.com/questions/5096/rsa-vs-dsa-for-ssh-authentication-keys

When we generate SSH keys for authentication on Linux/Unix systems (on Windows a tool such as Git Bash is required), we have to choose (with -t type) whether to create an RSA or a DSA key pair. What is the difference between the two? Why would people choose one over the other?

Go with RSA

DSA (Digital Signature Algorithm) is fast at signature generation but slow at verification, slower at encryption but fast at decryption, and its security is equal to that of an RSA key of equal key length. That is the main point; some of the details follow.

The security of the RSA algorithm (which can be used for both encryption and digital signatures) rests on the fact that factoring large integers is considered hard, while the security of DSA is based on the discrete logarithm problem. Today, the fastest known algorithm for factoring large integers is the general number field sieve (which can be understood as an improvement on the simpler rational sieve or quadratic sieve), and it is also the fastest algorithm for solving the discrete logarithm problem in finite fields modulo a large prime, as specified for DSA.

Now, if security can be considered equal, then of course we would favor a faster algorithm, but, again, there is no clear winner.

If your computer has OpenSSL, you can run it to check. You will see that DSA is faster when generating a signature, but much slower when verifying a signature at the same key length. In general you want verification to be the faster operation: when you are dealing with a signed document, the signature is generated only once, which is fine, but it may end up being verified frequently by end users (which is a problem when verification is slow).

 

Both support some form of encryption: RSA out of the box, and DSA by using ElGamal (an asymmetric encryption algorithm based on Diffie-Hellman key exchange). DSA is usually fast at decryption but slower at encryption, and RSA is the opposite. Again, you want decryption to be the faster operation, because an encrypted document may be decrypted frequently.

From a business perspective, RSA is clearly the winner: commercial RSA certificates are more widely deployed than DSA certificates.

The key point is this: it is stated that a DSA key must be 1024 bits long in order to comply with FIPS 186-2 (Digital Signature Standard) from NIST (National Institute of Standards and Technology). Thus, while longer DSA keys are theoretically possible (FIPS 186-2 also expressly permits them), you are still limited to 1024 bits.

Today, you are better off using a 2048-bit RSA key (you can also generate a 4096-bit RSA key directly).

FIPS 186-4 specifies three techniques for generating and verifying digital signatures for the protection of data: the Digital Signature Algorithm (DSA), the Elliptic Curve Digital Signature Algorithm (ECDSA), and the Rivest-Shamir-Adleman (RSA) algorithm.

Postscript

In fact, OpenSSH 7.0 and later disable the ssh-dss (DSA) public key algorithm by default. No specific official explanation was given, but the likely reasons are the bit length of the DSA keys that OpenSSH generates, the fact that poor randomness when generating a signature may leak the private key, and that, given the computing power of today's machines, 1024-bit DSA has effectively been cracked, so it is not recommended.

That concludes this introduction to DSA and RSA. Which one to choose depends on the situation of your specific project; in general, it is recommended that you use the RSA algorithm.
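An added example (not from the original article or the StackExchange answer): a check of SSH public-key lines against the advice above, rejecting ssh-dss keys and flagging RSA keys under 2048 bits by parsing the key blob itself. It assumes lines of the form `type base64 [comment]` with no options prefix; the function names and the sample keys are constructed for illustration.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # size the article recommends for RSA

def read_field(blob, off):
    """Read one length-prefixed field (RFC 4251 string/mpint)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length prefix")
    (size,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + size
    if end > len(blob):
        raise ValueError("field runs past end of blob")
    return blob[off + 4:end], end

def audit_key(line):
    """Return (type, bits, verdict) for a 'type base64 [comment]' line."""
    declared, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    inner, off = read_field(blob, 0)
    if inner != declared.encode():
        return declared, 0, "reject: label does not match key blob"
    nums = []
    while off < len(blob):
        field, off = read_field(blob, off)
        nums.append(int.from_bytes(field, "big"))
    if declared == "ssh-dss" and len(nums) == 4:   # p, q, g, y
        return declared, nums[0].bit_length(), "reject: DSA key"
    if declared == "ssh-rsa" and len(nums) == 2:   # e, n
        bits = nums[1].bit_length()
        ok = bits >= MIN_RSA_BITS
        return declared, bits, "ok" if ok else "weak: RSA under 2048 bits"
    return declared, 0, "not assessed by this check"

def sample_line(key_type, *ints):
    """Build a constructed public-key line (valid encoding, not a real key)."""
    parts = [key_type.encode()]
    # bit_length // 8 + 1 bytes leaves the top bit clear, so each mpint is positive.
    parts += [v.to_bytes(v.bit_length() // 8 + 1, "big") for v in ints]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"

# Constructed sample input: integers of the right size, not usable keys.
SAMPLES = [
    sample_line("ssh-rsa", 65537, (1 << 2047) | 1),
    sample_line("ssh-rsa", 65537, (1 << 1023) | 1),
    sample_line("ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3),
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(audit_key(line))
```

Reading the size from the blob rather than trusting the label means a DSA key relabelled as ssh-rsa is rejected instead of being measured as RSA.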

\ (• ㅂ •) / ~ encourage each other


Origin www.cnblogs.com/jinanxiaolaohu/p/10932729.html