Is one more secure than the other?
One uses DSA and one uses RSA.
SSH uses public/private key pairs, so id_rsa is your RSA private key (based on prime numbers), which is more secure than your id_dsa DSA private key (based on exponents). Keep your private keys safe and share your id_rsa.pub and id_dsa.pub public keys broadly.
DSA is insecure
DSA has a guessable parameter if your computer's random number generator is sub par, which will reveal your secret key. ECDSA (DSA's elliptical curve upgrade) is similarly vulnerable. Even with good random numbers, DSA has other strength concerns (these are also found in Diffie-Hellman).
OpenSSH creates insecure 1024 bit keys (workaround) and now disables DSA by default.
Use Ed25519 when possible
Elliptic curve cryptography offers increased complexity with smaller key sizes. Ed25519 (based on the complexity of plane-modeled elliptical curves) is the preferred implementation due to its assumed lack of meddling (leaked documents show that the US NSA weakens crypto standards).
Unfortunately, Ed25519 is still rather new, requiring OpenSSH 6.5 or GnuPG 2.1 (see the full list).
Use RSA with 4096 bits when Ed25519 is unavailable
RSA key sizes of 4096 bits should have comparable complexity to Ed25519.
Ed25519 is still preferred to RSA due to a worry that RSA may be vulnerable to the same strength concerns as DSA, though applying that exploit to RSA is expected to be considerably harder.
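An added example, not part of the answer above: a Python check that parses OpenSSH public-key lines and grades them by that answer's advice (DSA rejected, Ed25519 preferred, RSA accepted at 4096 bits). The function names, verdict labels and sample keys are constructed for illustration, and each line is assumed to be in plain `type base64 comment` form with no authorized_keys options in front.

```python
import base64
import struct

def _read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def _bits(mpint):
    return int.from_bytes(mpint, "big").bit_length()

def classify_key(line, min_rsa_bits=4096):
    """Return (key_type, bits, verdict) for one OpenSSH public-key line."""
    declared, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    inner, off = _read_string(blob, 0)
    if inner != declared.encode():
        raise ValueError("declared key type does not match the key blob")
    if declared == "ssh-dss":            # blob: p, q, g, y
        p, _ = _read_string(blob, off)
        return declared, _bits(p), "reject"
    if declared == "ssh-rsa":            # blob: e, n
        _e, off = _read_string(blob, off)
        n, _ = _read_string(blob, off)
        return declared, _bits(n), "ok" if _bits(n) >= min_rsa_bits else "short"
    if declared == "ssh-ed25519":        # blob: 32-byte public key
        return declared, 256, "preferred"
    return declared, None, "review"      # e.g. ECDSA: left to a human

# --- Constructed sample input: correct wire structure, not usable keys ---
def _string(data):
    return struct.pack(">I", len(data)) + data

def _mpint(n):
    return _string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def make_sample(key_type, *parts):
    blob = _string(key_type.encode()) + b"".join(parts)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"

SAMPLES = [
    make_sample("ssh-rsa", _mpint(65537), _mpint((1 << 4095) | 1)),
    make_sample("ssh-rsa", _mpint(65537), _mpint((1 << 2047) | 1)),
    make_sample("ssh-dss", *(_mpint(v) for v in ((1 << 1023) | 1, (1 << 159) | 1, 2, 3))),
    make_sample("ssh-ed25519", _string(bytes(32))),
]
```

Feeding it the lines of an authorized_keys or `.pub` file one at a time gives a quick inventory of which keys need replacing; the key-type check also catches a line whose label was edited to hide a DSA blob.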
id_rsa.pub and id_dsa.pub are the public keys for id_rsa and id_dsa.
If you are asking in relation to SSH, id_rsa is an RSA key and can be used with the SSH protocol 1 or 2, whereas id_dsa is a DSA key and can only be used with SSH protocol 2.
Both are very secure, but DSA does seem to be the standard these days (assuming all your clients/servers support SSH 2).
Update: Since this was written DSA has been shown to be insecure. More information available in the answer below.
Yes, rsa is considered more secure.
In October 2014, OpenSSH 7 (the default with Ubuntu 16.04 LTS) disabled default support for DSA. Take this as a strong sign that DSA is not a recommended method anymore.
https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html