SSH DSA logins on crank.

david at lang.hm david at lang.hm
Wed May 21 17:09:41 EDT 2008


On Wed, 21 May 2008, C. Scott Ananian wrote:

> On 5/21/08, david at lang.hm <david at lang.hm> wrote:
>> one reason would be that DSA is more secure then RSA. If you have a copy
>>  of the secret key from one end of the conversation and they are using RSA
>>  you can decrypt the communication, with DSA you cannot do so. There are
>>  several products on the market that take advantage of this fact and have
>>  you load your keys on a seperate box that then intercepts the
>>  communication to your webservers and decrypts the traffic (either inline
>>  or from a tap). With these products you have to configure your webservers
>>  to refuse DSA and only do RSA becouse with DSA they cannot decrypt the
>>  traffic.
>
> Documentation, please?  I think you've misunderstood something you read.

sorry, I mixed up DSA/RSA keys with DH/RSA encryption.

David Lang



More information about the Devel mailing list