What I'm hearing in this thread is: "a minority of people on planet Earth have a problem with the open-source implementation of ED25519, but instead of letting that minority choose to re-implement it when/if they want to, the rest of the community needs to stall their progress in improving security."

And isn't the ED25519 code already there on their machine? So isn't that itself already a problem for that minority, regardless of whether or not it's used? Either way, that minority can still use "-t rsa".

I very often see IT personnel and developers simply use the default options for ssh-keygen. They just don't care/don't know to care. Switching the default to ED25519 would bring the equivalent security up from 112-bits to 128-bits (as 2048-bit RSA is equivalent to 112-bits of symmetric strength), which would be a nice improvement for the community at large.

--
Joseph S. Testa II
Founder & Principal Security Consultant
Positron Security
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
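An added example, not part of the original message: a small audit helper that parses OpenSSH public key lines and reports the approximate symmetric-equivalent strength the message compares (112 bits for 2048-bit RSA, 128 bits for Ed25519), using the NIST SP 800-57 comparable-strength table for RSA. It assumes plain `type base64 comment` lines as found in `.pub` files; the function names and the sample keys are constructed for illustration and are not real keys.

```python
import base64
import struct

# NIST SP 800-57 Part 1 comparable strengths: (minimum RSA modulus bits, symmetric bits).
RSA_STRENGTH = [(15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)]


def _read_string(blob, offset):
    """Read one RFC 4251 'string': a uint32 length followed by that many bytes."""
    (length,) = struct.unpack_from(">I", blob, offset)
    start = offset + 4
    if start + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:start + length], start + length


def key_strength(line):
    """Return (key type, approximate symmetric-equivalent bits) for one public key line."""
    fields = line.split()
    blob = base64.b64decode(fields[1])
    name, offset = _read_string(blob, 0)
    name = name.decode("ascii")
    if name != fields[0]:
        raise ValueError("key type field does not match the encoded blob")
    if name == "ssh-ed25519":
        return name, 128
    if name == "ssh-rsa":
        _exponent, offset = _read_string(blob, offset)
        modulus, offset = _read_string(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
        for minimum, strength in RSA_STRENGTH:
            if bits >= minimum:
                return name, strength
        return name, 0  # below 1024 bits: no meaningful strength
    raise ValueError("unsupported key type: " + name)


def make_line(name, *parts):
    """Build a constructed public key line from raw fields (sample data only)."""
    fields = (name.encode("ascii"),) + parts
    blob = b"".join(struct.pack(">I", len(p)) + p for p in fields)
    return name + " " + base64.b64encode(blob).decode("ascii") + " constructed@example"


# Constructed samples: a 2048-bit RSA modulus shape and a 32-byte Ed25519 key field.
SAMPLE_RSA = make_line("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc5" * 256)
SAMPLE_ED25519 = make_line("ssh-ed25519", bytes(32))
```

Calling `key_strength` on each line of an `authorized_keys` file that contains no option prefixes shows which users are still on keys generated with the RSA default.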