
In SSH, two algorithms are used: a key exchange algorithm (Diffie-Hellman or the elliptic-curve variant called ECDH) and a signature algorithm. The key exchange yields the secret key which will be used to encrypt data for that session. The signature is so that the client can make sure that it talks to the right server (another signature, computed by the client, may be used if the server enforces key-based client authentication).

ECDH uses a curve; most software use the standard NIST curve P-256. Curve25519 is another curve, whose "sales pitch" is that it is faster, not stronger, than P-256. The performance difference is very small in human terms: we are talking about less than a millisecond worth of computations on a small PC, and this happens only once per SSH session. Neither curve can be said to be "stronger" than the other, not practically (they are both quite far in the "cannot break it" realm) nor academically (both are at the "128-bit security level").

Even when ECDH is used for the key exchange, most SSH servers and clients will use DSA or RSA keys for the signatures. If you want a signature algorithm based on elliptic curves, then that's ECDSA or Ed25519; for some technical reasons due to the precise definition of the curve equation, that's ECDSA for P-256, Ed25519 for Curve25519. There again, neither is stronger than the other, and the speed difference is way too small to be detected by a human user. However, most browsers (including Firefox and Chrome) do not support ECDH any more (DH too).

Using P-256 should yield better interoperability right now, because Ed25519 is much newer and not as widespread. But, for a given server that you configure, and that you want to access from your own machines, interoperability does not matter much: you control both client and server software. So, basically, the choice is down to aesthetics, i.e. completely up to you, with no rational reason. Security issues won't be caused by that choice anyway; the cryptographic algorithms are the strongest part of your whole system, not the weakest.
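The two roles the answer describes, an ECDH key exchange on either P-256 or Curve25519 followed by a host-key signature with ECDSA or Ed25519, as an added Go example using only the standard library. It is not code from the original answer; the function names and the "kex transcript" bytes are constructed for illustration, and in real SSH the signed hash covers the whole handshake.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// kexShared runs one ephemeral ECDH exchange between a client and a server on
// "p256" (NIST P-256) or "curve25519" (X25519). Only public keys cross the
// wire. Returns the client's shared secret and whether the server got the same.
// Key-generation errors from rand.Reader are ignored for brevity.
func kexShared(name string) (secret []byte, agree bool) {
	curve := ecdh.P256()
	if name == "curve25519" {
		curve = ecdh.X25519()
	}
	client, _ := curve.GenerateKey(rand.Reader)
	server, _ := curve.GenerateKey(rand.Reader)
	cs, _ := client.ECDH(server.PublicKey()) // computed on the client
	ss, _ := server.ECDH(client.PublicKey()) // computed on the server
	return cs, bytes.Equal(cs, ss)
}

// hostSignVerify models the host-key step: the server signs a hash of the
// exchange transcript and the client verifies it with the trusted host key,
// once with an ECDSA/P-256 key and once with an Ed25519 key.
func hostSignVerify(transcript []byte) (ecdsaOK, edOK bool) {
	h := sha256.Sum256(transcript)
	ecKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ecSig, _ := ecdsa.SignASN1(rand.Reader, ecKey, h[:])
	ecdsaOK = ecdsa.VerifyASN1(&ecKey.PublicKey, h[:], ecSig)
	edPub, edPriv, _ := ed25519.GenerateKey(rand.Reader)
	edOK = ed25519.Verify(edPub, h[:], ed25519.Sign(edPriv, h[:]))
	return ecdsaOK, edOK
}
func main() {
	for _, name := range []string{"p256", "curve25519"} {
		secret, agree := kexShared(name)
		// Constructed transcript; real SSH hashes the whole handshake here.
		a, b := hostSignVerify(append([]byte("kex transcript "), secret...))
		fmt.Printf("%-10s secret=%d bytes agree=%v ecdsa=%v ed25519=%v\n", name, len(secret), agree, a, b)
	}
}
```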
