David Christensen wrote:
>
> AIUI SSH, RSA keys, and SHA-1 are now considered bad practice:
>
> https://news.ycombinator.com/item?id=34196504
SHA-1 is bad practice - true.
But when it comes to RSA vs. ECC, the future is uncertain. We simply don't know
which will prove more resilient in the long run. So, calling RSA "bad practice"
is premature — no one knows for sure.
One advantage of RSA is that key sizes can be scaled up almost indefinitely:
2k, 4k, 8k, 16k, or even 10M bits if you really wanted. ECC, on the other hand,
is constrained by the underlying group structure. You can't simply choose
arbitrary key sizes like 192, 384, or 512 bits within the ED25519 curve -
you're limited by the mathematical properties of the curve, neither you can't
switch with your keys from one ECC group (when broken) to another.
History has shown that not all ECC systems are created equal. Many groups once
considered secure - like Brainpool, SECG, or ANSI curves - have since been
deemed unsafe. The randomness of ANSI-defined curve parameters, for example,
was questioned after it became clear they weren't as "random" as initially
claimed. Today we know that the NIST curves were designed by the NSA, raising
similar concerns as with the Dual_EC_DRBG algorithm - which was later revealed
to be cryptographically weak.
Also, ask yourself: why are ECC key sizes typically powers of two (128, 192,
255, 384), yet we see a 521-bit curve instead of 512? At first glance, 521
looks like 512 - why choose such a misleadingly similar number? What purpose
does that serve?
Personally, I'm sticking with RSA — and I still have the feeling that it's the
more secure option. My opinion is that ECC was pushed by the NSA to phase out
RSA and steer people toward a system that only seems more secure, giving a
false sense of safety.
Best regards,
Klaus.
--
Klaus Singvogel
GnuPG-Key-ID: 1024R/5068792D 1994-06-27
