| 1 |
On 13 Aug 2015 09:00, Kristian Fiskerstrand wrote: |
| 2 |
> On 08/13/2015 05:17 AM, Mike Frysinger wrote: |
| 3 |
> > +Your best option is to generate new keys using newer types such as |
| 4 |
> > rsa +or ecdsa or ed25519. RSA keys will give you the greatest |
| 5 |
> > portability +with other clients/servers while ed25519 will get you |
| 6 |
> > the best security +with OpenSSH (but requires recent versions of |
| 7 |
> > client & server). |
| 8 |
> |
| 9 |
> Strictly speaking DSA/DSS is newer than RSA (FIPS-186-1 came in early |
| 10 |
> 90's, RSA around since 70s, although the ElGamal signature scheme was |
| 11 |
> around before that). |
| 12 |
|
| 13 |
i'll rephrase: |
| 14 |
-Your best option is to generate new keys using newer types such as rsa |
| 15 |
+Your best option is to generate new keys using strong algos such as rsa |
| 16 |
|
| 17 |
> ECC gives a better performance on the same |
| 18 |
> security level when comparing to DSA/RSA, however claiming better |
| 19 |
> security in general isn't necessarily valid, Ed25519 is a signature |
| 20 |
> scheme over Curve25519 which is a 256 bit curve generally considered |
| 21 |
> to be 128 bit security level, roughly comparable to a 3072 bit RSA key. |
| 22 |
|
| 23 |
using ed25519 allows you to build openssh w/USE=-ssl which does get you |
| 24 |
better security due to the smaller attack surface. but the point of the |
| 25 |
news item is to push people in the right direction w/out getting into a |
| 26 |
dissertation on the nuances/details that people realistically won't grok |
| 27 |
and won't make a difference to them. if they're experts/interested, it |
| 28 |
should be easy to locate additional material (including the linked page). |
| 29 |
-mike |
Archives