Comment 5 for bug 237391

Neal McBurnett (nealmcb) wrote :

I expect that someone someday will again make a bad random number generator. Maybe some proprietary box that I am pressured to use. I don't want my keys to be vulnerable just because I use them on a machine that doesn't get RNGs right. DSA is vulnerable to that problem, and RSA is not.

I agree that using a longer default key length in RSA (and in DSA also) is a good idea at this point. E.g. jdstrand points out that in the openssl file /etc/ssl/openssl.cnf default_bits is still 1024. That should be fixed, via a different bug report.
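An added example, not part of the original comment or of any project's code: a small audit that parses openssl.cnf syntax and reports every `default_bits` setting below a minimum. The 2048-bit threshold, the function names and the sample configuration are assumptions constructed for this illustration.

```python
import re

MIN_BITS = 2048  # assumed threshold; the comment above only says 1024 is too short

# Constructed sample in openssl.cnf syntax (not a copy of any real system file).
SAMPLE_CNF = """\
# constructed sample
[ CA_default ]
default_days = 365   # how long to certify for

[ req ]
default_bits = 1024
default_keyfile = privkey.pem

[ req_strong ]
default_bits=4096
"""

SECTION = re.compile(r"^\[\s*([^\]]+?)\s*\]$")
SETTING = re.compile(r"^default_bits\s*=\s*(\d+)$")


def find_default_bits(text):
    """Return (section, line_number, bits) for every default_bits setting."""
    found, section = [], "default"  # settings before any header belong to "default"
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments and padding
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = SETTING.match(line)
        if m:
            found.append((section, lineno, int(m.group(1))))
    return found


def weak_default_bits(text, min_bits=MIN_BITS):
    """Keep only the settings whose key length is below min_bits."""
    return [hit for hit in find_default_bits(text) if hit[2] < min_bits]


if __name__ == "__main__":
    # To audit a real host, read /etc/ssl/openssl.cnf instead of SAMPLE_CNF.
    for section, lineno, bits in weak_default_bits(SAMPLE_CNF):
        print(f"[{section}] line {lineno}: default_bits = {bits} (< {MIN_BITS})")
```

The check covers only the configured default; a key length passed explicitly on the command line overrides it.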