[Sugar-devel] [PATCH 2/2 sugar] Create new owner keys as RSA keys instead of DSA
Sascha Silbe
silbe at activitycentral.com
Tue Nov 15 07:35:33 EST 2011
Sugar currently uses the owner key as an opaque string, not as an actual key.
This means the key type does not yet matter, we can just as easily use an RSA
key. The most important reason to prefer DSA over RSA, the RSA patent, has
expired in 2000 [1]. While DSA is considered secure when used correctly, it
relies on certain properties (e.g. a cryptographically secure PRNG [1]) that
have not always been met in practice [3], with secret key exposure as a
result [4]. RSA is less problematic in this regard.
RSA keys are also more readily usable with other tools (e.g. monkeysphere only
supports RSA keys [5]), enabling Sugar to use a single key to identify the
user for other protocols and purposes than just Collaboration. Examples that
come to mind instantly are web browsing (think a.sl.o) and email (OpenPGP).
[1] http://en.wikipedia.org/wiki/RSA
[2] http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/
[3] http://www.debian.org/security/2008/dsa-1571
[4] http://rdist.root.org/2009/05/17/the-debian-pgp-disaster-that-almost-was/
[5] http://web.monkeysphere.info/news/release-0.24-1/
Signed-off-by: Sascha Silbe <silbe at activitycentral.com>
---
src/jarabe/intro/window.py | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/jarabe/intro/window.py b/src/jarabe/intro/window.py
index f7937b1..6cf1481 100644
--- a/src/jarabe/intro/window.py
+++ b/src/jarabe/intro/window.py
@@ -47,7 +47,7 @@ def create_profile(name, color=None):
import commands
keypath = os.path.join(env.get_profile_path(), 'owner.key')
if not os.path.isfile(keypath):
- cmd = "ssh-keygen -q -t dsa -f %s -C '' -N ''" % keypath
+ cmd = "ssh-keygen -q -t rsa -f %s -C '' -N ''" % keypath
(s, o) = commands.getstatusoutput(cmd)
if s != 0:
logging.error('Could not generate key pair: %d %s', s, o)
--
1.7.7.1
More information about the Sugar-devel
mailing list