docs icon indicating copy to clipboard operation
docs copied to clipboard
verified publisher icon elementary

Use ed25519 for ssh-keygen

Open TheLonelyGhost opened this issue 5 years ago • 0 comments

Prerequisites

  • [x] I have searched open and closed issues for duplicates.

Feature

Is your feature request related to a problem? Please describe.

RSA is an older standard for encryption with known weaknesses. Most SSH implementations made within the past decade (including GitHub) now support eliptical curve crypto, and ed25519 specifically is less compute intensive than rsa 3072.

Describe the solution you'd like

ssh-keygen -t ed25519 -a 100

Existing work

https://medium.com/risan/upgrade-your-ssh-key-to-ed25519-c6e8d60d3c54

Describe alternatives you've considered

  • DSA
  • RSA (4096)
  • ECDSA

Additional context

Depending on the version of ssh-keygen, the default bit length may be 2048, 3072, or 4096. If sticking with RSA, it's likely better to be explicit.

TheLonelyGhost avatar Jul 22 '20 20:07 TheLonelyGhost