Which principles should I use for SSH key algo selection for git-mainly operations?



  • Which rules should I choose for SSH algo selection, provided it will be used nearly 100% for git operations? I'm going to use it with git on Linux laptops, often used on public Wi-Fi.

    Currently I have:

    1. speed
    2. modern (no need to serve old SSH servers)

    and that leads me to select Curve25519, but am I missing something important?



  • Typically, I would recommend Ed25519 keys assuming the servers you're using support it. Ed25519 is reasonably well supported among modern SSH clients and servers, and it provides a 128-bit security level, which we presently believe is secure.

    Another popular type is RSA keys, but they require a 3072-bit key to provide a 128-bit security level, and unlike Ed25519, which is almost always implemented in a constant-time manner, RSA is slower and may not be constant time in all implementations. Ed25519 also always uses SHA-512, whereas in some cases RSA keys can use SHA-1, which is no longer secure.

    https://infosec.mozilla.org/guidelines/openssh.html , as https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent .
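To check existing keys against the guidance in the answer above, the following added example (not part of the original post) parses OpenSSH public key lines and flags RSA keys below 3072 bits. The function names and the sample keys are assumptions; the samples are constructed placeholders, not usable keys.

```python
import base64
import struct

MIN_RSA_BITS = 3072  # RSA size the answer equates with a 128-bit security level

def _read_string(blob, offset):
    """Read one length-prefixed field: uint32 big-endian length, then data."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def audit_pubkey_line(line):
    """Return (key_type, bits, verdict) for one OpenSSH public key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    blob = base64.b64decode(fields[1], validate=True)
    name, pos = _read_string(blob, 0)
    key_type = name.decode("ascii")
    if key_type != fields[0]:
        raise ValueError("key type label does not match the encoded blob")
    if key_type == "ssh-ed25519":
        key, _ = _read_string(blob, pos)
        if len(key) != 32:
            raise ValueError("Ed25519 public key must be 32 bytes")
        return key_type, 256, "ok"
    if key_type == "ssh-rsa":
        _, pos = _read_string(blob, pos)  # skip the public exponent e
        n, _ = _read_string(blob, pos)  # modulus n
        bits = int.from_bytes(n, "big").bit_length()
        return key_type, bits, "ok" if bits >= MIN_RSA_BITS else "weak: RSA below 3072 bits"
    return key_type, None, "review: neither Ed25519 nor RSA"

def make_sample_line(*parts):
    """Build a CONSTRUCTED sample line for the demo; not a usable key."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{parts[0].decode()} {base64.b64encode(blob).decode()} sample@example"

def mpint(value):
    """Encode a positive integer as an SSH mpint (zero-padded if the top bit is set)."""
    return value.to_bytes(value.bit_length() // 8 + 1, "big")

if __name__ == "__main__":
    for modulus_bits in (2048, 3072):
        line = make_sample_line(b"ssh-rsa", mpint(65537), mpint((1 << (modulus_bits - 1)) | 1))
        print(audit_pubkey_line(line))
    print(audit_pubkey_line(make_sample_line(b"ssh-ed25519", bytes(32))))
```

To audit real keys, pass each line of a `.pub` or `authorized_keys` file to `audit_pubkey_line` (lines with leading options would need those stripped first).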



