The US government 🦅 approved way to measure "how secure is this key" is via security strength. NIST SP 800-57 Part 1 Rev. 5 Table 2 ( https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf page 54) specifies different ways of comparing algorithms by security strength. Curve25519, which ed25519 uses, has an order of 2^252 + ${some_stuff} ( src: https://en.wikipedia.org/wiki/Curve25519 ) which makes it comparable to a 3072 bit RSA key per the NIST guidelines. I believe OpenSSH generates 2048 bit RSA keys by default so this would, technically, be more secure.

I make no comments on usability for legacy clients ;)

Cheers,
Ethan

On Wed, Nov 9, 2022 at 3:21 PM Thomas Dwyer III <tomiii@xxxxxxxxxx> wrote:
> For what it's worth, the current RSA default is FIPS compliant. Although
> NIST included ed25519 in FIPS 186-5 and the public comment period closed
> more than two years ago, it's still in draft; 186-4 does not include
> ed25519 (it does include ecdsa though, with the curves that OpenSSH already
> supports).
>
>
> Tom.III
>
>
> On Sun, Nov 6, 2022 at 8:04 PM Damien Miller <djm@xxxxxxxxxxx> wrote:
>
> > On Mon, 7 Nov 2022, Darren Tucker wrote:
> >
> > > On Mon, 7 Nov 2022 at 00:51, Job Snijders <job@xxxxxxxxxxx> wrote:
> > > [...]
> > > > Perhaps now is a good time to make Ed25519 the default when invoking
> > > > ssh-keygen(1) without arguments?
> > >
> > > I don't think so. Outside of DSA (which is REQUIRED in RFC4253 but is
> > > considered weak these days), RSA keys are the most widely supported
> > > key type and thus most likely to work in any given situation, which
> > > makes them an appropriate default. If you know this is not the case
> > > for your environment, that's what "-t" is for.
> >
> > I don't mind using defaults to apply a little nudge towards better
> > algorithms. OpenSSH has supported ed25519 keys for almost a decade,
> > and RFC 8709 has been a standard for a couple of years.
> >
> > So I'm cautiously supportive of doing this.
> >
> > -d
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev@xxxxxxxxxxx
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
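One defender-side use of the Table 2 comparison discussed in this thread, as an added example (not code from the thread or from OpenSSH): parse OpenSSH public-key lines in their RFC 4251 wire encoding and rate each key against the 128-bit level that ed25519 and RSA-3072 share. The MIN_STRENGTH policy and the sample keys built with encode_pubkey are assumptions constructed for the example, not real key material.

```python
import base64
import struct

# NIST SP 800-57 Part 1 Rev. 5, Table 2: RSA security strength by modulus size.
# The thread contrasts the 2048-bit ssh-keygen default (112 bits) with ed25519.
RSA_STRENGTH = [(15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)]
MIN_STRENGTH = 128  # assumed site policy: the level of ed25519 / RSA-3072

def ssh_string(data):
    """Encode an SSH wire-format string (RFC 4251): uint32 length, then bytes."""
    return struct.pack(">I", len(data)) + data

def mpint(value):
    """Encode a positive integer as an SSH mpint (leading 0x00 when the high bit is set)."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def read_string(blob, pos):
    """Decode one SSH string at offset pos; return (bytes, next offset)."""
    (n,) = struct.unpack(">I", blob[pos:pos + 4])
    return blob[pos + 4:pos + 4 + n], pos + 4 + n

def bits(mpint_bytes):
    return int.from_bytes(mpint_bytes, "big").bit_length()

def encode_pubkey(ktype, *parts):
    """Assemble an authorized_keys line from already-encoded SSH strings
    (used here only to build constructed test keys, not real key material)."""
    blob = ssh_string(ktype.encode()) + b"".join(parts)
    return ktype + " " + base64.b64encode(blob).decode()

def audit(line):
    """Classify one authorized_keys line as (type, key bits, NIST strength, verdict)."""
    blob = base64.b64decode(line.split()[1])
    ktype, pos = read_string(blob, 0)
    ktype = ktype.decode()
    if ktype == "ssh-dss":                       # mandatory in RFC 4253, weak today
        p, _ = read_string(blob, pos)            # 1024-bit p -> 80-bit strength
        return ktype, bits(p), 80, "reject"
    if ktype == "ssh-rsa":
        _e, pos = read_string(blob, pos)         # public exponent e
        n, _ = read_string(blob, pos)            # modulus n
        strength = next((s for floor, s in RSA_STRENGTH if bits(n) >= floor), 0)
        return ktype, bits(n), strength, "ok" if strength >= MIN_STRENGTH else "warn"
    if ktype == "ssh-ed25519":
        # 32-byte point; group order ~2^252, the 128-bit level the thread
        # equates with a 3072-bit RSA key
        return ktype, 256, 128, "ok"
    return ktype, 0, 0, "unknown"
```

Run audit() over each line of a real authorized_keys file to find RSA keys still at the 2048-bit default or legacy ssh-dss keys.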