[nycbug-talk] RSA/DSA for encryption: has it's time come?
Brian Callahan
bcallah at devio.us
Tue Aug 27 19:29:16 EDT 2013
On 8/27/2013 7:24 PM, George Rosamond wrote:
> Okan Demirmen:
>> On Wed, Aug 7, 2013 at 9:58 AM, Isaac (.ike) Levy
>> <ike at blackskyresearch.net> wrote:
>>>
>>> Hi All,
>>>
>>> I'd love to know what people's thoughts are on the state of older
>>> RSA/DSA encryption, versus the future of eliptic curve ECDSA:
>>>
>>> http://www.technologyreview.com/news/517781/math-advances-raise-the-prospect-of-an-internet-security-crisis/
>>>
>>> --
>>> A few years ago, a number of us were wary of the brand-spankin'-new ECC
>>> crypto for use in SSH public keys. And then months later, there were
>>> some ECDSA/ssh implementation problems exposed:
>>>
>>> http://marc.info/?l=openssh-unix-dev&m=130613765816780&w=2
>>>
>>> So, that was 2 years ago, ECDSA implementations are now no longer in
>>> their infancy.
>>>
>>> --
>>> What are people's thoughts on the practicality of starting to use ECDSA
>>> keys?
>>>
>>> Has anyone here seen their use mandated over RSA/DSA in a business setting?
>>> Has anyone just jumped into ECDSA bliss, and not looked back?
>>
>> Not that this might mean much, but I use them.
>>
>> As for policies in a business setting; I gather such technical
>> policies are made by people like you, so it's likely up to what folks
>> like you write in said policies :)
>
> So I'm in the process of getting a client to pickup better practices
> with SSH, and found out even OSX 10.7.5 doesn't support ecdsa.
>
> AFAIK, Putty doesn't either yet, and I doubt SSH for Windows does either.
>
(slightly off-topic but...)
Don't forget to make sure to update your Putty is up-to-date with the
version released earlier this month, as it fixes 4 security holes!
All this other discussion is for naught if we're running insecure
clients (and servers)!
~Brian
More information about the talk
mailing list