[Bug 237391] Re: ssh-keygen should default to dsa not rsa

Neal McBurnett neal at bcn.boulder.co.us
Wed Jun 4 19:59:09 BST 2008

I expect that someone someday will again make a bad random number
generator.  Maybe some proprietary box that I am pressured to use.  I
don't want my keys to be vulnerable just because I use them on a machine
that doesn't get RNGs right.  DSA is vulnerable to that problem, and RSA
is not.

I agree that using a longer default key length in RSA (and in DSA also)
is a good idea at this point.  E.g. jdstrand points out that in the
openssl file /etc/ssl/openssl.cnf  default_bits is still 1024.  That
should be fixed, via a different bug report.

ssh-keygen should default to dsa not rsa
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.

More information about the Ubuntu-server-bugs mailing list