Re: ssh-add no longer accepts passphrase
David Christensen wrote:
>
> AIUI SSH, RSA keys, and SHA-1 are now considered bad practice:
>
> https://news.ycombinator.com/item?id=34196504
SHA-1 is bad practice - true.
But when it comes to RSA vs. ECC, the future is uncertain. We simply don't know which will prove more resilient in the long run. So, calling RSA "bad practice" is premature — no one knows for sure.
One advantage of RSA is that key sizes can be scaled up almost indefinitely: 2k, 4k, 8k, 16k, or even 10M bits if you really wanted. ECC, on the other hand, is constrained by the underlying group structure. You can't simply choose arbitrary key sizes like 192, 384, or 512 bits within the ED25519 curve - you're limited by the mathematical properties of the curve, neither you can't switch with your keys from one ECC group (when broken) to another.
History has shown that not all ECC systems are created equal. Many groups once considered secure - like Brainpool, SECG, or ANSI curves - have since been deemed unsafe. The randomness of ANSI-defined curve parameters, for example, was questioned after it became clear they weren't as "random" as initially claimed. Today we know that the NIST curves were designed by the NSA, raising similar concerns as with the Dual_EC_DRBG algorithm - which was later revealed to be cryptographically weak.
Also, ask yourself: why are ECC key sizes typically powers of two (128, 192, 255, 384), yet we see a 521-bit curve instead of 512? At first glance, 521 looks like 512 - why choose such a misleadingly similar number? What purpose does that serve?
Personally, I'm sticking with RSA — and I still have the feeling that it's the more secure option. My opinion is that ECC was pushed by the NSA to phase out RSA and steer people toward a system that only seems more secure, giving a false sense of safety.
Best regards,
Klaus.
--
Klaus Singvogel
GnuPG-Key-ID: 1024R/5068792D 1994-06-27
Reply to: