On Fri, May 25, 2012 at 10:49:26PM +0100, Jason McIntyre wrote:
> On Fri, May 25, 2012 at 09:25:29PM +0000, Christian Weisgerber wrote:
> > RSA-4096 is really excessive. RSA-2048 is the general recommendation
> > and what we use by default for SSH and IKE host keys.
>
> i wish you'd commented earlier then ;(
>
> would you like it shifted to 2048?
Note that we prioritize ECDSA keys by default in SSH, even though RSA keys
are created.

This handy guide has some equivalents:
http://www.nsa.gov/business/programs/elliptic_curve.shtml

It shows RSA-3072 to be equivalent to 128-bit symmetric or 256-bit ECC.
So RSA-3072 is equivalent to other cryptographic defaults in the system
(256-bit ECDSA, 128-bit AES-CTR).

2048 is an acceptable default, and 3072 is preferable IMO. 4096 is
expensive... but that's RSA.

Nicolai
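The equivalence Nicolai cites (RSA-3072 ~ 128-bit symmetric ~ 256-bit ECC) can be reproduced rather than looked up. The script below is an added example, not part of the thread or of any OpenBSD code; it assumes the GNFS-based strength heuristic used in NIST's FIPS 140 implementation guidance, and the standard NIST security levels (80/112/128/192/256) used to round the estimate.

```python
import math

# Standard NIST security levels; RSA-2048 estimates to ~110 bits, which
# NIST rounds to the 112-bit level (assumption: nearest-level rounding).
NIST_LEVELS = (80, 112, 128, 192, 256)


def rsa_strength_bits(bits: int) -> float:
    """Approximate symmetric-equivalent security of an RSA modulus n = 2^bits.

    GNFS heuristic (as used in NIST's FIPS 140 implementation guidance):
        s = (1.923 * cbrt(ln n) * (ln ln n)^(2/3) - 4.69) / ln 2
    """
    ln_n = bits * math.log(2)
    return (1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - 4.69) / math.log(2)


def nist_level(strength: float) -> int:
    """Round a raw strength estimate to the nearest standard NIST level."""
    return min(NIST_LEVELS, key=lambda lvl: abs(lvl - strength))


def equivalents(rsa_bits: int) -> dict:
    """RSA modulus size -> equivalent symmetric key and ECC curve sizes.

    Generic discrete-log attacks on a curve of b bits cost ~2^(b/2), so an
    ECC curve needs twice the security level; a symmetric key needs 1x.
    """
    level = nist_level(rsa_strength_bits(rsa_bits))
    return {
        "rsa_bits": rsa_bits,
        "estimate": round(rsa_strength_bits(rsa_bits), 1),
        "level": level,
        "symmetric_bits": level,       # e.g. AES-128 for the 128-bit level
        "ecc_curve_bits": 2 * level,   # e.g. P-256 / 256-bit ECDSA
    }


def rsa_bits_for_level(level: int) -> int:
    """Smallest modulus (multiple of 1024) whose rounded strength reaches `level`."""
    bits = 1024
    while nist_level(rsa_strength_bits(bits)) < level:
        bits += 1024
    return bits


if __name__ == "__main__":
    for rsa_bits in (1024, 2048, 3072, 4096):
        e = equivalents(rsa_bits)
        print(f"RSA-{rsa_bits}: ~{e['estimate']} bits -> level {e['level']} "
              f"(symmetric {e['symmetric_bits']}, ECC {e['ecc_curve_bits']}-bit curve)")
```

Running it shows RSA-2048 landing at the 112-bit level and RSA-3072 at 128, matching 256-bit ECDSA and AES-128; RSA-4096 buys only ~150 raw bits, which does not reach the next standard level.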

