[nycbug-talk] RSA/DSA for encryption: has it's time come?
Okan Demirmen
okan at demirmen.com
Tue Aug 27 21:48:11 EDT 2013
On Tue, Aug 27, 2013 at 7:24 PM, George Rosamond
<george at ceetonetechnology.com> wrote:
> Okan Demirmen:
>> On Wed, Aug 7, 2013 at 9:58 AM, Isaac (.ike) Levy
>> <ike at blackskyresearch.net> wrote:
>>>
>>> Hi All,
>>>
>>> I'd love to know what people's thoughts are on the state of older
>>> RSA/DSA encryption, versus the future of eliptic curve ECDSA:
>>>
>>> http://www.technologyreview.com/news/517781/math-advances-raise-the-prospect-of-an-internet-security-crisis/
>>>
>>> --
>>> A few years ago, a number of us were wary of the brand-spankin'-new ECC
>>> crypto for use in SSH public keys. And then months later, there were
>>> some ECDSA/ssh implementation problems exposed:
>>>
>>> http://marc.info/?l=openssh-unix-dev&m=130613765816780&w=2
>>>
>>> So, that was 2 years ago, ECDSA implementations are now no longer in
>>> their infancy.
>>>
>>> --
>>> What are people's thoughts on the practicality of starting to use ECDSA
>>> keys?
>>>
>>> Has anyone here seen their use mandated over RSA/DSA in a business setting?
>>> Has anyone just jumped into ECDSA bliss, and not looked back?
>>
>> Not that this might mean much, but I use them.
>>
>> As for policies in a business setting; I gather such technical
>> policies are made by people like you, so it's likely up to what folks
>> like you write in said policies :)
>
> So I'm in the process of getting a client to pickup better practices
> with SSH, and found out even OSX 10.7.5 doesn't support ecdsa.
>
> AFAIK, Putty doesn't either yet, and I doubt SSH for Windows does either.
So many things there just blew my mind...but OK, I'll mend myself later :)
I'd simply recommend to them to start using keys, regardless of type -
get them in the habit, and whenever these other tools get support for
the new fangle stuff, just add to authorized keys and migrate. Just
get them in the habit of thinking about keys instead. I'm sure you
know all this....
...and with Brian here, get their client software to something recent.
More information about the talk
mailing list