tl;dr 😎

RSA-based keys aren’t safe; use EdDSA-based keys instead.

ssh-keygen -o -a 256 -t ed25519 -C "$(hostname)-$(date +'%d-%m-%Y')"

And a long’ish version… 🥲

With the rise of quantum computing, RSA-based SSH keys are becoming obsolete and easy to break.

RSA

Supported by all major languages and compatible with legacy machines (SHA-1).

Slow to generate (especially when you opt for beefy keys such as 2048 bits), and quantum computers are here to crack those keys in no time.

ECDSA

Supported by major languages and compatible with many clients, with a nice improvement in key generation over RSA.

However, the way this key is generated can compromise the private key, leaving it not so private anymore.

EdDSA

A fast-performing key with the best length/security ratio, which fixes the security flaws found in ECDSA.

But on the other hand, it’s relatively new and not supported by all the major languages.
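
To find which keys on a host still need replacing under the recommendation above, here is an added example (not part of the original post): a POSIX shell function that reads an authorized_keys-style file and flags each entry by key family. The names audit_keys and sample_keys and the sample entries are made up for illustration, and the key blobs are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): classify authorized_keys entries
# by key family, using the article's rule: keep EdDSA, replace RSA and ECDSA.

# audit_keys [FILE] reads FILE (or stdin) and prints one tab-separated row per
# key: line number, key type, verdict, first word of the comment.
# Exit status is 1 if any entry is not Ed25519, 0 otherwise.
audit_keys() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
    {
        # An entry may begin with options (from="...",no-pty), so search for
        # the first field that is a known public key type name.
        t = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$/) {
                t = i
                break
            }
        if (!t) { printf "%d\tunknown\tREVIEW\t-\n", NR; bad = 1; next }
        verdict = ($t ~ /ed25519/) ? "OK" : "REPLACE"
        if (verdict != "OK") bad = 1
        comment = (t + 2 <= NF) ? $(t + 2) : "-"
        printf "%d\t%s\t%s\t%s\n", NR, $t, verdict, comment
    }
    END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample input: the key blobs are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
# constructed sample entries
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABexample alice@legacy
from="10.0.0.0/8",no-pty ecdsa-sha2-nistp256 AAAAE2VjZHNhexample deploy@ci

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexample bob@laptop
EOF
}

sample_keys | audit_keys || echo "some keys should be replaced"
```

Point it at a real file with audit_keys ~/.ssh/authorized_keys; the non-zero exit status makes it usable as a check in a provisioning or CI script.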
