• shortwavesurfer@lemmy.zip
    1 month ago

    You know, at least when I’ve had to generate RSA keys for SSH, it seems like the highest I can possibly do is 4096. Just makes me wonder why you can’t generate a key of any length that’s a multiple of 1024. Such as, what if I wanted a 20,480-bit key?

    • umami_wasabi@lemmy.ml
      1 month ago

      I believe you can with openssl, but it will take lots of time both generating and using the key. Think: you sign something with that key, and the other party is using a low-end device. He might take a few minutes to verify the signature. The drawbacks just outweigh the benefits. Security is a balancing act between complexity and usability.

    • solrize@lemmy.world
      1 month ago

      Current recommendation is to stop using RSA in new deployments altogether. ECC is preferred now, and the major programs (OpenTLS, OpenSSH, etc.) support it.