RSA vs DSA certificates: who wins in a fight?
Jan 17, 2020
Today, we’re putting two encryption algorithms head to head. DSA vs RSA: which one wins? While the reality is much less dramatic, everyone in cybersecurity should know what the difference is between RSA and DSA encryption. Both algorithms are used in cybersecurity, often in similar ways. To help out beginners, we'll start with a short introduction to both algorithms.
What is RSA?
RSA is one of the first public-key encryption systems, created in 1977. RSA was discovered by Ron Rivest, Adi Shamir, and Leonard Adleman, the initials of whose last names make up the name RSA. This algorithm took a while before it found its place. However, in the dawn of the internet, RSA spread like wildfire. It wasn't just another encryption algorithm, but a whole new way to exchange secrets remotely. RSA also came with a digital signature scheme.
We have recently explained RSA in a separate blog post. If you'd like to know more about the RSA certificate, check it out.
What is DSA encryption?
DSA (Digital Signature Algorithm) is also an asymmetric-key algorithm, and it came much later than RSA. Since its development in 1991, the National Institute of Standards and Technology (NIST) has pushed for its adoption at the federal level. Despite the widespread popularity of the RSA algorithm in the private sector, DSA became the standard for a lot of US government agencies.
Note that we’re not talking here about DSA as an encryption tool, the way RSA can be used. DSA is only used for digital signatures. In fact, this is a perfect segue into the next part. So, what is a digital signature?
DSA vs RSA: the battle of digital signatures
Asymmetric-key cryptography is based on a pair of two keys — private and public. Since the public key is accessible to all, anyone could obtain yours and then contact you while pretending to be someone else. Luckily, this authentication problem was solved early in the internet age with digital signatures.
The two major parts of a digital signature in public-key cryptography are the sender’s private key and a hash, which in simple terms is a condensed version of the message. Regardless of the file type or its size, a hash is only 5-20 symbols long. Keep in mind that hashing is a one-way process, meaning that you can’t turn those symbols back into the message. Its only purpose is to protect you from fake versions of the file. Even if a hacker made the tiniest of changes, the hash would change as well, indicating that the message is no longer genuine.
In other words, a digital signature not only guarantees that the sender is authentic but also ensures that the integrity of the message is intact. But how does this knowledge help us in an RSA vs DSA fight? It will help us recognize the differences between RSA and DSA encryption.
What is the difference between RSA and DSA?
First, there is the mathematical problem each algorithm relies on. Both algorithms use modular arithmetic, but the RSA certificate relies on prime factorization, while DSA uses the discrete logarithm problem. For now, both are considered completely safe.
Another difference between DSA and RSA is speed. The former is faster at signing, while the latter is faster at verification. However, since authentication requires both operations, the speed discrepancies might not be as significant as they sound.
Also, DSA only works with the safer second version of the Secure Shell (SSH) network protocol, SSH2. RSA works with SSH2 but is also compatible with the original SSH, which is now considered heavily flawed. So, if you're concerned about accidentally using the original SSH, DSA may be a better choice.
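To make the signing and verification steps described above concrete, here is a textbook DSA implementation added as an example (it is not code from the article): the message is hashed, the hash is signed with the private key x over the discrete-logarithm group (p, q, g), and verification with the public key y succeeds for the original message but fails once a single byte is altered. The parameter sizes (64-bit q) and the raw, unpadded hash are toy choices for readability; real deployments use standardised groups with much larger p.

```python
# Added example, not from the article: textbook DSA with toy-sized parameters
# and a raw (unpadded) SHA-256 hash, showing sign, verify and tamper detection.
import hashlib
import secrets

def is_prime(n, rounds=16):
    """Miller-Rabin probable-prime test; adequate for a demonstration."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        if pow(a, d, n) != 1 and all(pow(a, d << i, n) != n - 1 for i in range(r)):
            return False
    return True

def random_prime(bits):
    while not is_prime(c := secrets.randbits(bits) | 1 << (bits - 1) | 1):
        pass
    return c

def h(msg, q):
    # The "condensed version" of the message, as an integer mod q
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q

def dsa_keygen(qbits=64):
    q, k = random_prime(qbits), 2
    while not is_prime(p := k * q + 1):  # p = k*q + 1, so q divides p - 1
        k += 2
    g = pow(2, k, p)  # generator of the order-q subgroup of Z_p*
    x = secrets.randbelow(q - 1) + 1  # private key
    return (p, q, g, pow(g, x, p)), x  # public (p, q, g, y = g^x mod p), private x

def dsa_sign(x, pub, msg):
    p, q, g, _ = pub
    while True:
        k = secrets.randbelow(q - 1) + 1  # fresh secret nonce for every signature
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (h(msg, q) + x * r) % q
        if r and s:  # the standard requires r != 0 and s != 0
            return r, s

def dsa_verify(pub, msg, sig):
    p, q, g, y = pub
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    return pow(g, h(msg, q) * w % q, p) * pow(y, r * w % q, p) % p % q == r
```

Calling `dsa_verify(pub, msg, dsa_sign(priv, pub, msg))` returns True, while verifying the same signature against a message with one extra byte returns False.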
In other words, the difference between RSA and DSA is in what each can do. RSA can be used for both digital signatures and encryption. Also, RSA is a block cipher, while DSA is a stream cipher. Compatibility-wise, they are equal. RSA and DSA are both used for the same internet protocols and certificates, like Nettle, OpenSSL, wolfCrypt, Crypto++, and cryptlib.
By now, you probably see that, despite some minor differences, RSA and DSA are pretty similar. This is why we have to call it a draw. OK, we get it: when you get tickets to a massive boxing match, you don't expect a draw. But it happens. This is one of those Fury vs Wilder-type (the original one) situations. But this doesn't mean that RSA vs DSA ending in a draw is bad. On the contrary, it just means that you have two ways to secure your digital signature. And two is always better than one.
A nerd with a laser focus on all things cybersec. His own words. Oliver’s hobbies away from the computer include reading, Netflix, and testing the limits of yet another Raspberry Pi. To our surprise, this 130-pound ‘nerd’ also bakes a killer pumpkin pie.