forked from tilde.black/docs
stubbing out new article on ed25519 keys
parent
4a8204b8a8
commit
fe0fa7a5c2
|
@ -0,0 +1,32 @@
|
|||
# Stronger SSH Keys
|
||||
|
||||
Have a look in your `~/.ssh` folder and browse through your keys. How many are
|
||||
using a recent encryption method or a long bit-length? RSA keys are far and
|
||||
away the most popular, and if you're using it with a bit-length that's 2048 or
|
||||
lower, you may be in danger.
|
||||
|
||||
Let's review the common options:
|
||||
|
||||
- DSA: No longer supported and unsafe.
|
||||
|
||||
- RSA: Key bit lengths greater than 3072 are still safe, but get lengthy. 1024
|
||||
keys are officially "unsafe". The clock is ticking on RSA of any key length as
|
||||
it has no protection from quantum computing.
|
||||
|
||||
ECDSA: The cryptographic safety of these keys depend on your specific hardware,
|
||||
and older/weaker machines may have insufficient entropy. The mathematics in use
|
||||
are not completely trusted by the security community.
|
||||
|
||||
Ed25519: An EdDSA implementation using the [Twisted Edwards
|
||||
curve](https://en.wikipedia.org/wiki/Twisted_Edwards_curve)! These keys are
|
||||
strong, have protection from quantum techniques, and generate a tiny public key
|
||||
that's only 68 characters long. They can be generated quickly en mass.
|
||||
|
||||
Ed25519 is the best recommendation in 2019.
|
||||
|
||||
## Generate an ed25519 key
|
||||
|
||||
ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519
|
||||
|
||||
|
||||
_[In progress]_
|
|
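Review bot: The Ed25519 paragraph says these keys "have protection from quantum techniques", which is not correct and contradicts the reason given for moving off RSA. Ed25519 is an elliptic-curve signature scheme, and Shor's algorithm breaks its discrete-log problem just as it breaks RSA, so drop that clause and the "no protection from quantum computing" contrast in the RSA bullet, or state that none of the listed key types is quantum-resistant. The RSA guidance is also inconsistent: the intro warns about "2048 or lower" while the bullet calls lengths "greater than 3072" safe, which leaves 3072 itself unclassified, so pick one threshold. The ECDSA entry should say that the entropy dependence is on the random nonce used for each signature, and "depend" should be "depends". The ECDSA and Ed25519 entries are missing the leading "- " that the DSA and RSA items have, and "en mass" should be "en masse". In the ssh-keygen command, `-o` is redundant for `-t ed25519` because Ed25519 keys are always written in the new OpenSSH private key format, and the article should explain what `-a 100` does (KDF rounds applied to the passphrase) so readers know it only matters when a passphrase is set.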
@ -8,6 +8,8 @@ pages:
|
|||
- 'Sign Up': 'sign-up.md'
|
||||
- 'SSH over tor': 'ssh-over-tor.md'
|
||||
- 'Tilde Net News': 'net-news.md'
|
||||
- Security:
|
||||
- 'Stronger SSH Keys': 'ed25519.md'
|
||||
theme:
|
||||
name: material
|
||||
palette:
|
||||
|
|
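Review bot: The new "Security:" group holds only 'Stronger SSH Keys' while 'SSH over tor' stays at the top level just above it, so the navigation ends up with one security page inside the group and one outside it. Either move 'SSH over tor' under "Security:" in the same change or keep the new page flat until there is more than one entry. This also links a page that still ends in "_[In progress]_" from the site navigation, so consider holding the nav entry back until the article is complete.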