SSH Keygen: Is RSA or DSA Better

Here are some of the points to be considered:

Mohit Sethi
Appliedcode
Jan 19, 2014 · 2 min read


* DSA is faster for signature generation but slower for verification, and slower when encrypting but faster when decrypting; its security can be considered equivalent to that of an RSA key of equal key length.
* The security of RSA is based on the fact that factoring large integers is known to be “difficult”, whereas the security of DSA is based on the discrete logarithm problem.
* Today, the fastest known algorithm for factoring large integers is the General Number Field Sieve; it is also the fastest known algorithm for the discrete logarithm problem in finite fields modulo a large prime p, as specified for DSA.
* In RSA, a secure random number generator is never needed to create signatures, whereas DSA needs a per-signature value that must be random, secret/unpredictable, and must never be reused.
* RSA keys can go up to 4096 bits, whereas DSA keys have to be exactly 1024 bits (although OpenSSL allows for more).

Things in favor of DSA

1. DSA can only be used with SSH protocol 2, while RSA can be used with protocols 1 and 2 (see “SSH 2” versus “OpenSSL and OpenSSH Release 2”). Protocol 1 has some significant design flaws and has been replaced by protocol version 2. I see this as a reason to slightly favor using DSA keys, a sort of built-in protection from using the older, obsolete protocol.

Things in favor of RSA

1. A bad random number generator will leak DSA key bits.
2. The openssh.org web site appears to be silent on the subject of which is better, but newer versions of ssh-keygen create an RSA key if you do not specify the type.
3. There seem to be more (and newer) RFCs referencing RSA keys than DSA keys.
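To turn these points into a check an administrator can actually run, here is an added example (not part of the original post) that parses the public-key blob on an authorized_keys line (the SSH wire format from RFC 4253 section 6.6) and reports key type and size, flagging DSA keys and RSA keys below a threshold. The sample lines are constructed from placeholder integers rather than real keys, and the 2048-bit RSA threshold is this example's own assumption.

```python
import base64
import struct
# Builds and parses the SSH public-key wire format (RFC 4253 section 6.6);
# sample keys are constructed from placeholder integers, not real keys.

def _ssh_string(b: bytes) -> bytes:
    """One length-prefixed field of the SSH wire format."""
    return struct.pack(">I", len(b)) + b

def _mpint(n: int) -> bytes:
    """Positive integer as an SSH mpint (leading 0x00 if the high bit is set)."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)

def _read_fields(blob: bytes):
    """Split a decoded key blob into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        (ln,) = struct.unpack(">I", blob[off:off + 4])
        fields.append(blob[off + 4:off + 4 + ln])
        off += 4 + ln
    return fields

def make_line(ktype: str, *ints: int) -> str:
    """Build a constructed authorized_keys line (test data only)."""
    blob = _ssh_string(ktype.encode()) + b"".join(_mpint(i) for i in ints)
    return f"{ktype} {base64.b64encode(blob).decode()} constructed@example"

def key_strength(line: str, min_rsa_bits: int = 2048):
    """Return (type, bits, verdict) for one authorized_keys line, or None."""
    parts = line.split()
    if len(parts) < 2:
        return None
    ktype, fields = parts[0], _read_fields(base64.b64decode(parts[1]))
    if not fields or fields[0] != ktype.encode():
        return (ktype, 0, "malformed: type prefix does not match blob")
    if ktype == "ssh-rsa":
        # fields: name, e, n; the modulus n is the key size (up to 4096 bits)
        bits = int.from_bytes(fields[2], "big").bit_length()
        verdict = "ok" if bits >= min_rsa_bits else f"weak: RSA below {min_rsa_bits} bits"
    elif ktype == "ssh-dss":
        # fields: name, p, q, g, y; SSH DSA keys are fixed at a 1024-bit p
        bits = int.from_bytes(fields[1], "big").bit_length()
        verdict = "weak: DSA is fixed at 1024 bits and a bad RNG leaks key bits"
    else:
        return (ktype, 0, "unknown type: review manually")
    return (ktype, bits, verdict)
```

Run `key_strength` over each line of a real authorized_keys file to list keys that should be regenerated with `ssh-keygen -t rsa -b 4096`.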
