Hi,

Might be a nitpick, but...

On 08/13/2015 05:17 AM, Mike Frysinger wrote:

> +Your best option is to generate new keys using newer types such as
> rsa +or ecdsa or ed25519.  RSA keys will give you the greatest
> portability +with other clients/servers while ed25519 will get you
> the best security +with OpenSSH (but requires recent versions of
> client & server).
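
Review bot: "requires recent versions of client & server" in the ed25519 clause gives readers nothing to check their systems against; name the minimum OpenSSH release that supports ed25519 keys. The RSA recommendation in the same paragraph also gives no key length, so a reader can follow the advice and still generate a short key; state a minimum size there.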

Strictly speaking, DSA/DSS is newer than RSA (FIPS-186-1 came in the early
90s, RSA has been around since the 70s, although the ElGamal signature scheme
was around before that). ECC gives better performance at the same
security level compared to DSA/RSA; however, claiming better
security in general isn't necessarily valid. Ed25519 is a signature
scheme over Curve25519, which is a 256-bit curve generally considered
to be at the 128-bit security level, roughly comparable to a 3072-bit RSA key.

(As a side note, it seems OpenSSH was not updated for FIPS-186-3, which
adds other key lengths to DSA, but refers to DSA to mean FIPS-186-2.)




-- 
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3