SSH
krll-k, 2017-06-07 00:01:43

What type of SSH key is the most secure and persistent? RSA-2048 rocks?


1 answer(s)
krll-k, 2017-06-07
@krll-k

Dmitry:

First, DSA is a signing key, not an encryption key. RSA can also encrypt. Mathematically they are about the same.
Second, DSA cannot be larger than 1024 bits. A 1024-bit key is broken, in theory, using a weak pseudo-random number generator. It is recommended to use at least 2048 bits. And since we cannot use 2048 bits with DSA, it is not safe.
ECDSA suffers from the same problem as DSA: potentially easy to hack, in theory. There are rumors that the NSA has been using this for their own purposes for a long time.
Ed25519 is currently the strongest and fastest, does not suffer from the problem of a crooked random number generator, and has the strongest passphrase for encrypting a private key. It is approximately equal to RSA 4096 bits. However, they cannot be compared. How can you compare one never-broken lock with another unbroken one and say which is better? Only time will tell which...
Conclusion: If all your clients support Ed25519, use it. If not, then RSA with at least 2048 bits.
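
One way to check existing keys against the conclusion above, as an added example that is not part of the original answer: it parses the public-key blob of an `authorized_keys`-style line (assumed to have no options prefix) and reports the key type, size and a verdict. The verdict labels, `MIN_RSA_BITS` and the function names are assumptions of this sketch, and the sample keys are constructed blobs, not real keys.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # floor taken from the answer's conclusion

def _field(blob, off):
    """Read one length-prefixed field (uint32 length + bytes) of the key blob."""
    (n,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def audit_key(line):
    """Classify one 'type base64 [comment]' line as (type, bits, verdict)."""
    try:
        declared, b64 = line.split()[:2]
        blob = base64.b64decode(b64, validate=True)
        inner, off = _field(blob, 0)
        if inner != declared.encode():  # the text label must match the blob's own type
            return declared, None, "type-mismatch"
        if declared == "ssh-ed25519":
            pk, _ = _field(blob, off)
            return declared, len(pk) * 8, "preferred"
        if declared == "ssh-rsa":
            _e, off = _field(blob, off)   # public exponent
            n, _ = _field(blob, off)      # modulus; its bit length is the key size
            bits = int.from_bytes(n, "big").bit_length()
            return declared, bits, "ok" if bits >= MIN_RSA_BITS else "too-short"
        if declared == "ssh-dss" or declared.startswith("ecdsa-sha2-"):
            return declared, None, "avoid"  # the answer's view of DSA and ECDSA
        return declared, None, "unknown-type"
    except (ValueError, struct.error):
        return line[:20], None, "unparseable"

def _s(b):
    return struct.pack(">I", len(b)) + b

def _mpint(x):
    # Positive mpint: the extra byte supplies a leading zero when the top bit is set.
    return _s(x.to_bytes(x.bit_length() // 8 + 1, "big"))

def sample_lines():
    """Constructed blobs with the right layout; none is a usable key."""
    def mk(t, body=b""):
        return t + " " + base64.b64encode(_s(t.encode()) + body).decode() + " constructed"
    rsa = lambda bits: _mpint(65537) + _mpint((1 << (bits - 1)) | 1)
    return [mk("ssh-ed25519", _s(bytes(32))), mk("ssh-rsa", rsa(1024)),
            mk("ssh-rsa", rsa(4096)), mk("ssh-dss"), mk("ecdsa-sha2-nistp256")]
```

Calling `audit_key` on each non-comment line of a real `authorized_keys` file gives the same three-field result per key.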
