Comment on 512-bit RSA key in home energy system gives control of “virtual power plant”
solrize@lemmy.world 2 months ago
Current recommendation is to stop using RSA in new deployments altogether. ECC is preferred now, and the major programs (OpenTLS, OpenSSH, etc.) support it.
shortwavesurfer@lemmy.zip 2 months ago
That's ECDSA, correct? Or is that something different?
sugar_in_your_tea@sh.itjust.works 2 months ago
Yup, that’s an implementation that uses ECC (elliptic curve cryptography).
solrize@lemmy.world 2 months ago
ECDSA is elliptic curve digital signature algorithm. Key exchange is usually done with ECDH (elliptic curve Diffie-Hellman). There has been some debate on the exact best way to do ECDH, but I think the FOSS world is currently settled on Curve25519. Anyway, it is best to leave stuff like that to specialists if you’re not one yourself. As mentioned, OpenSSL and OpenSSH both provide working implementations so go ahead and use them. The NIST curve P256 is also perfectly fine as far as anyone can tell. It has a mathematical drawback that it’s especially easy to make mistakes and screw up the security if you don’t know what you’re doing, but the deployed implementations that are out there have been checked carefully and should be ok to use. Bitcoin uses P256 so if anything were wrong with it, someone would have broken it and gotten pretty darn rich ;).
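
Added example, not part of the thread or any poster's code: a stdlib-only Python audit of OpenSSH public-key lines (`type base64 comment`) that flags short RSA moduli such as the 512-bit key in the headline and recognises the ECC key types discussed above. The 2048-bit threshold, the function names and the sample keys built by `make_rsa_line` (constructed, not real keys) are assumptions of this example.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed audit threshold; the thread states no number


def ssh_string(data):
    """Encode an RFC 4251 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def mpint(x):
    """Encode a positive integer with a leading zero byte so it is never read as negative."""
    return ssh_string(x.to_bytes(x.bit_length() // 8 + 1, "big"))


def make_rsa_line(bits):
    """Constructed sample only: the 'modulus' is 2^(bits-1)+1, not a real RSA key."""
    n = (1 << (bits - 1)) | 1
    blob = ssh_string(b"ssh-rsa") + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"


def read_string(buf, off):
    """Decode one length-prefixed field, rejecting truncated input."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field body")
    return buf[off + 4:end], end


def audit_ssh_pubkey(line):
    """Return (key_type, rsa_bits_or_None, verdict) for one public-key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected 'type base64 [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    name, off = read_string(blob, 0)
    key_type = name.decode("ascii")
    if key_type != fields[0]:
        raise ValueError("declared type does not match key blob")
    if key_type == "ssh-rsa":
        _exponent, off = read_string(blob, off)
        modulus, _ = read_string(blob, off)
        bits = int.from_bytes(modulus, "big").bit_length()
        return key_type, bits, "weak" if bits < MIN_RSA_BITS else "ok"
    if key_type == "ssh-ed25519" or key_type.startswith("ecdsa-sha2-"):
        return key_type, None, "ok"
    return key_type, None, "unknown"
```

Run it over each line of an `authorized_keys` or `.pub` file that has no leading options field; lines with options need that field stripped first.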