• @[email protected]
    link
    fedilink
    English
    44 months ago

    You know, at least when I’ve had to generate RSA keys for SSH, it seems like the highest I can possibly do is 4096. Just makes me wonder why you can’t generate a key of any links that’s a multiple of 1024. Such as, what if I wanted a 20,480 bit key?

    • umami_wasabi
      link
      fedilink
      English
      5
      edit-2
      4 months ago

      I believe you can with openssl, but it will take lots of time both generating and using the key. Think you sign something with that key, and the other party is using a low end device. He might take few mintues to verify the signature. The drawbacks just outweight the benefits. Security is a balancing act between complexity and usability.

    • @solrize
      link
      English
      54 months ago

      Current recommendation is to stop using RSA in new deployments altogether. ECC is preferred now, and the major programs (OpenTLS, OpenSSH, etc.) support it.

        • @solrize
          link
          English
          1
          edit-2
          4 months ago

          ECDSA is elliptic curve digital signature algorithm. Key exchange is usually done with ECDH (elliptic curve Diffie-Hellman). There has been some debate on the exact best way to do ECDH, but I think the FOSS world is currently settled on Curve25519. Anyway, it is best to leave stuff like that to specialists if you’re not one yourself. As mentioned, OpenSSL and OpenSSH both provide working implementations so go ahead and use them. The NIST curve P256 is also perfectly fine as far as anyone can tell. It has a mathematical drawback that it’s especially easy to make mistakes and screw up the security if you don’t know what you’re doing, but the deployed implementations that are out there have been checked carefully and should be ok to use. Bitcoin uses P256 so if anything were wrong with it, someone would have broken it and gotten pretty darn rich ;).