[nycbug-talk] RSA/DSA for encryption: has its time come?

George Rosamond george at ceetonetechnology.com
Tue Aug 27 21:50:35 EDT 2013


Okan Demirmen:
> On Tue, Aug 27, 2013 at 7:24 PM, George Rosamond
> <george at ceetonetechnology.com> wrote:
>> Okan Demirmen:
>>> On Wed, Aug 7, 2013 at 9:58 AM, Isaac (.ike) Levy
>>> <ike at blackskyresearch.net> wrote:
>>>>
>>>> Hi All,
>>>>
>>>> I'd love to know what people's thoughts are on the state of older
>>>> RSA/DSA encryption, versus the future of elliptic curve ECDSA:
>>>>
>>>> http://www.technologyreview.com/news/517781/math-advances-raise-the-prospect-of-an-internet-security-crisis/
>>>>
>>>> --
>>>> A few years ago, a number of us were wary of the brand-spankin'-new ECC
>>>> crypto for use in SSH public keys.  And then months later, there were
>>>> some ECDSA/ssh implementation problems exposed:
>>>>
>>>> http://marc.info/?l=openssh-unix-dev&m=130613765816780&w=2
>>>>
>>>> So, that was 2 years ago, ECDSA implementations are now no longer in
>>>> their infancy.
>>>>
>>>> --
>>>> What are people's thoughts on the practicality of starting to use ECDSA
>>>> keys?
>>>>
>>>> Has anyone here seen their use mandated over RSA/DSA in a business setting?
>>>> Has anyone just jumped into ECDSA bliss, and not looked back?
>>>
>>> Not that this might mean much, but I use them.
>>>
>>> As for policies in a business setting; I gather such technical
>>> policies are made by people like you, so it's likely up to what folks
>>> like you write in said policies :)
>>
>> So I'm in the process of getting a client to pick up better practices
>> with SSH, and found out even OSX 10.7.5 doesn't support ecdsa.
>>
>> AFAIK, Putty doesn't either yet, and I doubt SSH for Windows does either.
> 
> So many things there just blew my mind...but OK, I'll mend myself later :)
> 
> I'd simply recommend to them to start using keys, regardless of type -
> get them in the habit, and whenever these other tools get support for
> the newfangled stuff, just add to authorized keys and migrate.  Just
> get them in the habit of thinking about keys instead.  I'm sure you
> know all this....

Like most of the sane world, they are using keys.. with passwds.  I'm
going the next step.

> 
> ...and with Brian here, get their client software to something recent.
> 

g


