Looking to generate an SSH key for your next remote server connection or data encryption? You might have run across different kinds of keys that you can use, the most popular of which are the Ed25519 and RSA.
If you are wondering what the differences are between these two key generation methods and why you should even bother using them, then you have come to the right place. In this article, we will be diving into what differentiates these two methods and which one you should opt for.
What Are Ed25519 And RSA
Both of these are underlying cryptographic algorithms for SSH key generation. With the rise of cloud infrastructure and SAAS platforms, accessing remote machines or data has become a common task.
With this rise came the need to make transactions and logins more secure; due to this, the SSH protocol was born. SSH keys are the access credentials you need for an SSH protocol to validate you.
DISCLOSURE: This post may contain affiliate links, meaning when you click the links and make a purchase, we receive a commission.
Invented in 1978, RSA cryptography uses large semi-prime numbers factorizations as its key generation logic. With no existence of general formula to factor a compound number into its prime factors, the RSA algorithm relies on the fact that there is a direct correlation between the size of the number and the time it takes to compute its prime factors.
EdDSA: Elliptic Curve Discrete Logarithm Problem
Grounded in the same logic as RSA, the EdDSA algorithm also relies on unsolvable mathematical conjecture, but this time around, it’s not that of prime numbers but discrete log problems. By using elliptic curves, it is able to achieve the same level of computational complexity with significantly smaller keys.
Ed25519 vs RSA
Difference Between Ed25519 and RSA
The differences between these two are more than just the underlying algorithms; there are also differences that affect consumer use. For a detailed breakdown, read below.
Unsurprisingly, being around for the longest time also means that the RSA is the most popular and widely supported SSH standard. RSA algorithm is implemented in every major programming language. Additionally, almost every remote client or server supports 2048-bit or higher RSA keys. Keys smaller than 2048 might not be universally supported.
Ed25519, on the other hand, is a newer EdDSA variation. While it has seen large-scale adoption amongst the various other Edward curves used in the EdDSA algorithm, it’s still not as widely supported. However, as time passes more and more clients will shift over to this newer and arguably better algorithm for their SSH key generations.
While being around the longest has garnered the RSA standard lots of consumer adoption, it has also led to its performance degradation. Exposed to Moore’s law for decades means the key size for the RSA has to increase significantly to keep up with the ever-increasing computational power.
According to National Institute of Standards and Technology (NIST) standards, the RSA algorithm needs to output a 3072-bit key to achieve 128-bit security that is deemed the industry standard. Other algorithms are able to achieve the same level of security with much smaller key sizes.
On the other hand, Ed25519 achieves 256-bit security as compared to the 128-bit achieved by RSA, while both use the same sized 3072-bit key. Not only do we get more security with the same bit length, but the Ed25519 is also the fastest-performing algorithm compared to all other commercially available options, not just RSA.
Their continued use in industry-leading tech is a sign of their secureness and dependability. However, if we were to compare, then the RSA algorithm is a bit less secure than EdDSA. In recent years, there have been some algorithms (see: Quadratic Sieve and General Number Field Sieve algorithms) that can factor specific types of integers into their prime components.
However, with the newer, larger, sized standard RSA keys, the risk of them being comprised of these algorithms is still almost negligible. On the other hand, the EdDSA has no such fallacies. It is currently the most secure SSH key generation algorithm available to consumers.
While both algorithms will serve your SSH protocol needs, there are certain advantages of choosing one over the other. If all you need is basic encryption for data transfer or protection for a simple server connection, then the universal RSA keys will suit you just fine.
However, if you are building a complex service or web structure/platform with a large enough scope, then it’s better that you opt for the EdDSA algorithm for future-proofing, speed, and enhanced security. For a diagrammatic depiction of the comparison, refer to the table below.
|Popularity||Relatively new and in the process of widespread implementation.||Popular and widely implemented.|
|Performance||Exponentially faster performance in both key generation and decryption.||Baseline performance with no advantages or disadvantages.|
|Security||No known flaw or algorithm that can decrypt.||A few algorithmic decryptors are countered by larger key sizes.|
There you have it! After reading the pros and cons of each technology, you should be able to make a decision regarding which one will generate your next SSH key. For any other tech-related query, feel free to browse through our other articles to find a quick and easy solution.