Hi,

might be nitpick, but..

On 08/13/2015 05:17 AM, Mike Frysinger wrote:

> +Your best option is to generate new keys using newer types such as |
> rsa +or ecdsa or ed25519. RSA keys will give you the greatest |
> portability +with other clients/servers while ed25519 will get you |
> the best security +with OpenSSH (but requires recent versions of |
> client & server). |
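
Review bot: "requires recent versions of client & server" at the end of the added paragraph gives the reader no way to tell whether their systems qualify; name the minimum OpenSSH release that accepts ed25519 keys instead. The same paragraph recommends rsa without any key length, so state a minimum size next to that recommendation.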

Strictly speaking DSA/DSS is newer than RSA (FIPS-186-1 came in the early
90s, RSA has been around since the 70s, although the ElGamal signature
scheme was around before that). ECC gives better performance at the same
security level when compared to DSA/RSA; however, claiming better
security in general isn't necessarily valid. Ed25519 is a signature
scheme over Curve25519, which is a 256-bit curve generally considered
to be at the 128-bit security level, roughly comparable to a 3072-bit RSA key.

(As a side note, it seems OpenSSH was not updated for FIPS-186-3, which
adds other key lengths to DSA, but refers to DSA to mean FIPS-186-2.)

--
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
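
Added example, not part of the original message or of OpenSSH: a Python check that parses OpenSSH public key lines and reports the approximate security level the reply compares, using the NIST SP 800-57 Part 1 equivalences. All function names are hypothetical, and the sample keys are constructed with the right sizes but are not real key material.

```python
import base64

# Approximate symmetric-equivalent strength, per NIST SP 800-57 Part 1.
FF_LEVELS = [(15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)]
EC_LEVELS = {"ssh-ed25519": (256, 128), "ecdsa-sha2-nistp256": (256, 128),
             "ecdsa-sha2-nistp384": (384, 192), "ecdsa-sha2-nistp521": (521, 256)}

def wire_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        # A short length prefix also lands here, since end >= pos + 4.
        end = pos + 4 + int.from_bytes(blob[pos:pos + 4], "big")
        if end > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos + 4:end])
        pos = end
    return fields

def security_level(pubkey_line):
    """Return (key type, key size in bits, approx. security bits)."""
    fields = wire_fields(base64.b64decode(pubkey_line.split()[1]))
    ktype = fields[0].decode("ascii")
    if ktype in EC_LEVELS:
        return (ktype,) + EC_LEVELS[ktype]
    if ktype not in ("ssh-rsa", "ssh-dss"):
        raise ValueError("unsupported key type: " + ktype)
    # ssh-rsa carries (e, n); ssh-dss carries (p, q, g, y).
    modulus = fields[2] if ktype == "ssh-rsa" else fields[1]
    bits = int.from_bytes(modulus, "big").bit_length()
    level = next((lvl for size, lvl in FF_LEVELS if bits >= size), 0)
    return ktype, bits, level

# --- Constructed sample keys: right sizes, not real key material ---
def _string(data):
    return len(data).to_bytes(4, "big") + data
def _mpint(value):
    return _string(value.to_bytes(value.bit_length() // 8 + 1, "big"))
def _line(ktype, *parts):
    blob = _string(ktype.encode()) + b"".join(parts)
    return ktype + " " + base64.b64encode(blob).decode() + " constructed@example"

SAMPLES = [
    _line("ssh-dss", _mpint(1 << 1023 | 1), _mpint(1 << 159 | 1), _mpint(2), _mpint(3)),
    _line("ssh-rsa", _mpint(65537), _mpint(1 << 3071 | 1)),
    _line("ssh-ed25519", _string(bytes(32))),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(security_level(sample))
```

A level of 0 means the RSA or DSA modulus is shorter than 1024 bits.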