There has been a recent discussion on debian-devel on this subject: RSA vs ECDSA (Was: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!)
In particular:

* http://thread.gmane.org/gmane.linux.debian.devel.announce/1893/focus=191567

  We can read there that 4096-bit RSA should be preferred over ECDSA. http://safecurves.cr.yp.to/ does not list P-521, but there's no reason to think it does not share the flaws of the other NIST curves. E-521 may be a better choice, but it seems too new.

  Then I wonder: would it be possible to choose the algorithm to use in the new tinc protocol? (BTW, when testing ExperimentalProtocol=yes, I was surprised to see that tincd refuses to start if there's no private RSA key.)

* http://thread.gmane.org/gmane.linux.debian.devel.announce/1893/focus=191567

  How is ECDSA used in Tinc? It seems a proper implementation is to not rely on an RNG, as described by RFC 6979.

  About performance:

                                sign        verify      sign/s    verify/s
    521 bit ecdsa (nistp521)    0.0005s     0.0012s     1891.0    829.8
    rsa 4096 bits               0.010225s   0.000164s   97.8      6100.3

  I guess Tinc uses both operations equally, so RSA would be slower.
_______________________________________________ tinc mailing list [email protected] http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
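The post above mentions RFC 6979 (deterministic ECDSA nonces) without showing what it looks like. The following is an added worked example, not code from the original post and not tinc's own implementation (how tinc actually derives its ECDSA nonces is exactly what the poster is asking). It implements the RFC 6979 HMAC-DRBG nonce derivation and a minimal affine ECDSA sign/verify on NIST P-256 with SHA-256 rather than the P-521 discussed in the thread, because RFC 6979 appendix A.2.5 publishes a P-256 test vector that lets the nonce be checked exactly. The function names (rfc6979_nonce, sign, verify, public_key) are this example's own; the constant TEST_PRIV is the RFC's published test private key. It needs Python 3.8+ for pow(x, -1, m) and uses no third-party libraries.

```python
# Added example: deterministic ECDSA nonces per RFC 6979 on NIST P-256.
# Standard library only; Python 3.8+ for modular inverse via pow(x, -1, m).
import hashlib
import hmac

# NIST P-256 domain parameters (FIPS 186-4): field prime, a = -3, base point, order.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
QLEN = N.bit_length()      # 256 bits
RLEN = (QLEN + 7) // 8     # 32 bytes, the RFC's "rlen" in octets

# Private key from RFC 6979 appendix A.2.5 (the P-256 test vector).
TEST_PRIV = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721


def _add(p1, p2):
    """Affine point addition on P-256; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:          # p1 == -p2
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k, point):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result


def public_key(priv):
    return _mul(priv, G)


# RFC 6979 section 2.3 conversions.
def _bits2int(b):
    v = int.from_bytes(b, "big")
    blen = len(b) * 8
    return v >> (blen - QLEN) if blen > QLEN else v


def _int2octets(x):
    return x.to_bytes(RLEN, "big")


def _bits2octets(b):
    return _int2octets(_bits2int(b) % N)


def rfc6979_nonce(priv, msg, hashfunc=hashlib.sha256):
    """RFC 6979 section 3.2: derive k from the private key and H(msg), no RNG involved."""
    h1 = hashfunc(msg).digest()
    hlen = len(h1)
    V = b"\x01" * hlen
    K = b"\x00" * hlen
    seed = _int2octets(priv) + _bits2octets(h1)
    K = hmac.new(K, V + b"\x00" + seed, hashfunc).digest()   # step d
    V = hmac.new(K, V, hashfunc).digest()                    # step e
    K = hmac.new(K, V + b"\x01" + seed, hashfunc).digest()   # step f
    V = hmac.new(K, V, hashfunc).digest()                    # step g
    while True:                                              # step h
        T = b""
        while len(T) * 8 < QLEN:
            V = hmac.new(K, V, hashfunc).digest()
            T += V
        k = _bits2int(T)
        if 1 <= k < N:
            return k
        # Candidate out of range: update K and V and try again.
        K = hmac.new(K, V + b"\x00", hashfunc).digest()
        V = hmac.new(K, V, hashfunc).digest()


def sign(priv, msg, hashfunc=hashlib.sha256):
    """ECDSA signature (r, s) with a deterministic nonce. The RFC's retry on r == 0
    or s == 0 is omitted here; it has negligible probability on P-256."""
    h = _bits2int(hashfunc(msg).digest())
    k = rfc6979_nonce(priv, msg, hashfunc)
    r = _mul(k, G)[0] % N
    s = pow(k, -1, N) * (h + priv * r) % N
    return r, s


def verify(pub, msg, sig, hashfunc=hashlib.sha256):
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    h = _bits2int(hashfunc(msg).digest())
    w = pow(s, -1, N)
    R = _add(_mul(h * w % N, G), _mul(r * w % N, pub))
    return R is not None and R[0] % N == r


if __name__ == "__main__":
    sig = sign(TEST_PRIV, b"sample")
    print("k  =", hex(rfc6979_nonce(TEST_PRIV, b"sample")))
    print("ok =", verify(public_key(TEST_PRIV), b"sample", sig))
```

Signing the same message twice with the same key yields byte-identical signatures, which is the property the poster refers to: a broken or repeated RNG cannot leak the private key through a reused k, because k is a function of the key and the message only. The scalar multiplication here is plain double-and-add and is not side-channel safe; it exists to make the nonce derivation checkable against the RFC vector, not for production use.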
