RSA vs ECDSA vs ED25519

Gaucho1972
Gaucho1972
Community Member
edited July 2022 in SSH

Wondering why ECDSA is not supported. ED25519 is not supported by FIPS-140-20 and so FIPS enabled hosts cannot use ED25519. I was under the impression, and please correct me if I'm wrong, but RSA 2048 length keys are nowadays considered compromised by default and 4096 being the only acceptable key size, but still "not great". ECDSA was supposed to be the replacement for RSA.

I get the need to support RSA for legacy purposes, but why no love for ECDSA? As someone who works with FIPS enabled systems a lot ECDSA key generation in 1Password would be great.

Thanks

Mark Guz


1Password Version: 8
_Extension Version:
Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • Great question. We still consider RSA 3072-bit and 4096-bit keys to be strong keys. The biggest downside though is that they're noticeably slow.

    Why we left out ECDSA is because it doesn't provide additional benefits over Ed25519, other than legacy reasons, which are better covered by RSA.

    With that said, we haven't fully ruled out ECDSA yet. This is still on the list, but not prioritized at the moment.

  • Tertius3
    Tertius3
    Community Member

    Please keep in mind that users have to deal with a vast amount of older systems and older keys that cannot be updated to use state of the art key types. It's even so that the security policy of your company may require to use for example "rsa 2048 bit" keys, and you must use these. Yes, company policy requires this, and this is immutable like one of the god given commandments. Everyone knows it's not state of the art any more, even the persons who wrote the policies, but a policy update needs years and the next one isn't planned yet.

    With such keys, 1Password cannot be used, but in reality, such keys are being used.

    So it's required for universal use for the agent to be useful to support every key algorithm and key length OpenSSH does support, even the unsecure ones. It's the user who decides to use some algorithm, it should not be the software that simply denies him to use one.

  • @Tertius3 I agree with that assessment, which is exactly why we do support 2048-bit RSA keys, actually.

This discussion has been closed.