SSH DSA logins on crank.

C. Scott Ananian cscott at laptop.org
Wed May 21 16:16:16 EDT 2008


On 5/21/08, david at lang.hm <david at lang.hm> wrote:
> one reason would be that DSA is more secure then RSA. If you have a copy
>  of the secret key from one end of the conversation and they are using RSA
>  you can decrypt the communication, with DSA you cannot do so. There are
>  several products on the market that take advantage of this fact and have
>  you load your keys on a seperate box that then intercepts the
>  communication to your webservers and decrypts the traffic (either inline
>  or from a tap). With these products you have to configure your webservers
>  to refuse DSA and only do RSA becouse with DSA they cannot decrypt the
>  traffic.

Documentation, please?  I think you've misunderstood something you read.
 --scott

-- 
                         ( http://cscott.net/ )



More information about the Devel mailing list