Use of ecdsa is discouraged post Snowden, as the then NIST
recommendation as best practice came via the NSA, where the algorithm
was chosen for other characteristics, e.g. speed, over max security.

There seem to be concerns amongst some in the crypto game that the NSA
may have already cracked it.  Hence new recommendation from OpenSSH,
and ensuing new default, of ed25519.  At least that's my
understanding.  I'm not a crypto guy, nor have I made an in-depth
study of it.  I have, however, stopped using my ecdsa keys in favor of
ed25519, and fall back to RSA where not supported.

Best-- Ken


At Wed, 30 Apr 2014 02:01:33 +0000,
Alain O'Dea via smartos-discuss wrote:
> 
> The availability of ed25519 keys for SSH has raised the spectre of
> internal policy changing to disallow use of RSA and DSA keys:
> http://www.tedunangst.com/flak/post/new-openssh-key-format-and-bcrypt-pbkdf
> 
> This is obviously impractical until our systems support it.
> 
> In the meantime we can better protect our RSA keys:
> http://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html
> 
> Is there a plan to support ECDSA, ed25519 and other stronger key
> formats in sshd? Would it make sense to switch from Sun_SSH to OpenSSH
> in SmartOS at some point?
> 
> 
> -------------------------------------------
> smartos-discuss
> Archives: https://www.listbox.com/member/archive/184463/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/184463/25767346-d775c76c
> Modify Your Subscription: https://www.listbox.com/member/?&;
> Powered by Listbox: http://www.listbox.com

