easy-admin icon indicating copy to clipboard operation
easy-admin copied to clipboard
verified publisher icon egberts

SSH: Discontinue use of P256 part of ECDSA

Open egberts opened this issue 2 years ago • 0 comments

During server algorithm key exchange (KEX) neogitation, The NIST P256 part of ECDSA should be avoided.

Instead, recommends ecdh-sha2-nistp521 ecdh-sha2-nistp384

This author leans toward avoidance of P384 as penalty cost of P521 is minimal and only during key exchange. No citation.

egberts avatar Nov 06 '23 12:11 egberts