this post was submitted on 09 Aug 2024
88 points (96.8% liked)
Technology
59174 readers
1972 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Current recommendation is to stop using RSA in new deployments altogether. ECC is preferred now, and the major programs (OpenTLS, OpenSSH, etc.) support it.
Thats ECDSA correct? Or is that something different?
Yup, that's an implementation that uses ECC (elliptic curve cryptography).
ECDSA is elliptic curve digital signature algorithm. Key exchange is usually done with ECDH (elliptic curve Diffie-Hellman). There has been some debate on the exact best way to do ECDH, but I think the FOSS world is currently settled on Curve25519. Anyway, it is best to leave stuff like that to specialists if you're not one yourself. As mentioned, OpenSSL and OpenSSH both provide working implementations so go ahead and use them. The NIST curve P256 is also perfectly fine as far as anyone can tell. It has a mathematical drawback that it's especially easy to make mistakes and screw up the security if you don't know what you're doing, but the deployed implementations that are out there have been checked carefully and should be ok to use. Bitcoin uses P256 so if anything were wrong with it, someone would have broken it and gotten pretty darn rich ;).