| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA512 |
| 3 |
|
| 4 |
Hi, |
| 5 |
|
| 6 |
might be nitpick, but.. |
| 7 |
|
| 8 |
On 08/13/2015 05:17 AM, Mike Frysinger wrote: |
| 9 |
|
| 10 |
> +Your best option is to generate new keys using newer types such as |
| 11 |
> rsa +or ecdsa or ed25519. RSA keys will give you the greatest |
| 12 |
> portability +with other clients/servers while ed25519 will get you |
| 13 |
> the best security +with OpenSSH (but requires recent versions of |
| 14 |
> client & server). |
| 15 |
|
| 16 |
Strictly speaking DSA/DSS is newer than RSA (FIPS-186-1 came in early |
| 17 |
90's, RSA around since 70s, although the ElGamal signature scheme was |
| 18 |
around before that). ECC gives a better performance on the same |
| 19 |
security level when comparing to DSA/RSA, however claiming better |
| 20 |
security in general isn't necessarily valid, Ed25519 is a signature |
| 21 |
scheme over Curve25519 which is a 256 bit curve generally considered |
| 22 |
to be 128 bit security level, roughly comparable to a 3072 bit RSA key. |
| 23 |
|
| 24 |
(as a side note, it seems OpenSSH was not updated for FIPS-186-3 that |
| 25 |
adds other key lengths to DSA, but refers to DSA to mean FIPS-186-2) |
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
- -- |
| 31 |
Kristian Fiskerstrand |
| 32 |
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net |
| 33 |
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 |
| 34 |
-----BEGIN PGP SIGNATURE----- |
| 35 |
|
| 36 |
iQEcBAEBCgAGBQJVzEChAAoJECULev7WN52F9RgH/2ogCdlZv+RoY7fwaTrviyFK |
| 37 |
oAzDRubkCPuIFAuERgqpkPlnu692tnNXXtJ6w4krSpg4lFSeh7KPPYM/C9dA++V4 |
| 38 |
7/oyCuOiQ6pxcQlHa1dTpCQjdWAOE5SL0os4Fy81hVGAvZgPGubRQSelBe9UUE4U |
| 39 |
tP7Z+5FW/bnX91K0OZEl75qoKvLT4xqhWNUiLG3V1aUCN+DC7ZaSJkoC27vd+l+b |
| 40 |
iqetcOzudojT4DyltO+dIkzQeSlaMF6qZnmq+MJU5m9b8U9ACw30YalD8awumN21 |
| 41 |
6cK0nOOxQI4M0VRLjl+9xMLrYnuQbeJnN3JBZpKnTcZ5S3hs0DPfhvTcAv0pyaw= |
| 42 |
=LHJd |
| 43 |
-----END PGP SIGNATURE----- |
Archives