Wednesday, 7 September 2016

SSH keys: how big should they be?

I was asked recently how big an SSH key should be. The answer is simple: as big as you can support.
The reason I say as big as you can support is not only that the larger the key, the harder it will be to break, but also that you will most likely be limited by some device on your network that doesn't support keys larger than 4096 bits.

For example, I try to run 8192-bit keys everywhere I can, and one of the places where I've found that I can't is phones; however, this is more of an app issue than the phone itself.

Some of you would ask why not a larger key, like 16384-bit, while others would ask why larger than 2048.

Well, the answer is simple on both counts. 2048-bit is now standard for most systems, meaning it will be the first one that people try to break. This doesn't make it any less secure; however, it does mean more people are trying to break it.

As for 16384-bit: well, apart from the overhead on the connection, depending on the speed of the computer on each side, it can make the connection unreliable and painful to use.

So I split the difference and went with an 8192-bit key. So far I can say the connections are stable and I have a good feeling about security. However, I still have another 2048-bit key that I use for online sites that don't yet support 8192-bit, and I'm sad to say that doesn't look like it will change for at least another two years.
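To see which sizes are actually deployed before standardising on one, the following added example (not code from the original post) reads the RSA modulus size out of `authorized_keys`-style lines and flags keys against two thresholds. The function names, the 2048-bit floor and the 4096-bit device ceiling are assumptions drawn from the numbers discussed above, and the sample lines are constructed, not usable keys.

```python
import base64
import struct

def _field(blob, off):
    """Read one RFC 4251 length-prefixed field; return (bytes, next offset)."""
    (length,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def rsa_bits(line):
    """Modulus size in bits of an ssh-rsa public key line, None for other types."""
    parts = line.split()
    if "ssh-rsa" not in parts[:-1]:
        return None
    blob = base64.b64decode(parts[parts.index("ssh-rsa") + 1], validate=True)
    ktype, off = _field(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("blob key type does not match the line")
    _exponent, off = _field(blob, off)
    modulus, _ = _field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()  # ignores the 0x00 sign byte

def audit(lines, floor=2048, device_limit=4096):
    """Classify each key against a floor and the smallest device ceiling (assumed values)."""
    report = []
    for line in lines:
        bits = rsa_bits(line)
        if bits is None:
            verdict = "not RSA, skipped"
        elif bits < floor:
            verdict = "below floor"
        elif bits > device_limit:
            verdict = "larger than some devices accept"
        else:
            verdict = "ok"
        report.append((bits, verdict))
    return report

def constructed_line(bits):
    """Build a well-formed ssh-rsa line of a given size (constructed, not a usable key)."""
    n = (1 << (bits - 1)) | 1
    fields = (b"ssh-rsa", b"\x01\x00\x01", n.to_bytes(bits // 8 + 1, "big"))  # leading 0x00
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

SAMPLE = [constructed_line(b) for b in (1024, 2048, 4096, 8192)]
SAMPLE.append("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 constructed-sample")
if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

Feed `audit()` the lines of a real `authorized_keys` file to get the same report; lines whose options themselves contain the token `ssh-rsa` are not handled.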
