Closed kennylevinsen closed 7 years ago
Agreed, we plan to release support for Ed25519 and multiple keys at the same time.
Ed25519 support has just been released, still with a one-key (one RSA or one Ed25519) maximum.
Follow https://github.com/kryptco/kryptonite-android/issues/38 for updates on when we support multiple keys.
Thanks!
Awesome!
Ed25519 is as high as we can go on the security ladder for now, but is not widely supported yet. For this reason, a "compatibility" key is required.
What is needed is at minimum two keys: an Ed25519 key, and an ECDSA or an RSA key for compatibility with older servers. The agent should try one at a time, ordered by perceived security level. This is what a regular agent, or even an agent-less SSH client, usually does.
Ed25519 support has already been put in and reverted again for compatibility reasons, as support is quite poor. However, the 3072-bit RSA key we're left with is a bare minimum security requirement, and is slower to operate on than Ed25519.
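The key ordering requested above, sketched as an added example (not code from this thread or from the project): it parses SSH public key blobs, ranks them Ed25519 first, and falls back to the compatibility key. The `RANK` values, the helper names and the `server_accepts` set (a simplified stand-in for the server's response to each offered key) are assumptions of this example, and the sample blobs are constructed, not real keys.

```python
import struct

# Preference order from the post (Ed25519, then ECDSA or RSA); ranks are assumed.
RANK = {"ssh-ed25519": 0, "ecdsa-sha2-nistp256": 1, "ssh-rsa": 2}

def _string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def _mpint(n: int) -> bytes:
    """SSH wire 'mpint' for a non-negative integer (0x00 pad if high bit set)."""
    return _string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def read_fields(blob: bytes) -> list:
    """Split a public key blob into length-prefixed fields, rejecting truncation."""
    fields, off = [], 0
    while off < len(blob):
        if len(blob) - off < 4:
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[off:off + n])
        off += n
    return fields

def describe(blob: bytes):
    """Return (algorithm, bits); bits is the modulus size for RSA, else None."""
    fields = read_fields(blob)
    alg = fields[0].decode("ascii")
    # ssh-rsa blobs are: string "ssh-rsa", mpint e, mpint n (RFC 4253)
    bits = int.from_bytes(fields[2], "big").bit_length() if alg == "ssh-rsa" else None
    return alg, bits

def pick_key(blobs, server_accepts):
    """Offer keys strongest-first; return the first accepted one, or None."""
    ranked = sorted(map(describe, blobs), key=lambda d: RANK.get(d[0], len(RANK)))
    for alg, bits in ranked:
        if alg in server_accepts:
            return alg, bits
    return None

# Constructed sample blobs: correct structure, dummy key material.
ED25519 = _string(b"ssh-ed25519") + _string(bytes(32))
RSA3072 = _string(b"ssh-rsa") + _mpint(65537) + _mpint((1 << 3071) | 1)
KEYS = [RSA3072, ED25519]

print(pick_key(KEYS, {"ssh-ed25519", "ssh-rsa"}))  # server that knows Ed25519
print(pick_key(KEYS, {"ssh-rsa"}))                 # older server, RSA only
```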