Generate new key – ECC vs RSA

It’s fine to stick with RSA. ECC is more space-efficient, but it is not supported everywhere.

My questions are is it safe start using ECC or should one stick with RSA for at least a few more years ?

When using curve25519, ECC is considered more dependable. It is firm and immune to a diverseness of side-channel attacks by design. RSA is no less dependable though in hardheaded terms, and is besides considered unbreakable by modern engineering. It is sufficiently fast for use by GnuPG .

But is this Curve compatible to older GnuPG-Version and early systems or are there some problems ?

It is discrepant with older systems. It is necessary for all parties to support the like algorithm. You can, however, have multiple subkeys. You can have a single modern subkey with ECC, and an older one with regular RSA which could late be revoked once error correction code support is omnipresent .

besides will this be something we can use for the adjacent few years or should I expect some constant transfer in terms of some curves will be standardized and stay for a hanker time ( like RSA ) and supported by all systems and some curves might be disappear because they ‘re not trustworthy ?

ECC is old. not a honest-to-god as RSA, but it is still old and well-studied. It is unlikely that curve25519 will disappear due to trustworthiness as it uses nothing-up-my-sleeve numbers. It is a safe bend. Curve25519 uses modulo p = 2255 – 19 and y2 = x3 + 486662×2 + ten. Compare this with a standard NIST arch like P-256 where these values are … unexplained at best, leading people to speculate that they were designed intentionally to weaken them to classes of attacks known entirely to the NSA ( NOBUS ). The alone argue it would fall out of privilege is if a major attack on this class of curves is found .

I besides came across a newspaper where the NSA recommends keep using RSA and delay for Post-Quantum-Cryptography alternatively of using ECC.

This is in character because ECC requires a smaller key size. For classical security, this is absolutely very well, and a 256-bit ECC winder can be stronger than a 2048-bit classical key. Both of these types of keys can be broken by functioning cryptanalytic quantum computers. For a quantum computer to routine, it needs a total of qubits ( the quantum equivalent of transistors ). It is very difficult to get a large sum of qubits to work together due to a phenomenon known as quantum decoherence, so the total of qubits may be limited for some time. It is possible that a cryptanalytic quantum computer will have enough qubits to break a 256-bit ECC key, but not a 2048-bit RSA key. It may be better to wait for post-quantum cryptography like SIDH, NTRU, or NewHope which resist all these attacks .

I ‘m precisely an average GnuPG-user but it seems to me there is some sort of uncertainty about the manner cryptography develops within the adjacent few years .

It is absolutely acceptable to keep using RSA. Once ECC is better supported, you can migrate to it in the mannequin of a new subkey. ECC keys and signatures are a lot smaller, so if this is a precedence for you, you may want to start using ECC. RSA keys and signatures are large and can be quite gawky .

Leave a Reply

Your email address will not be published.