Need to research if work factor in validation is less for ECDSA 256 key vs RSA 3248 key. Gmail uses this so should be safe for mass browser support also.
On the other hand, ECDSA requires a "true" random number generator as opposed to crypto/rand package which is a pseudorandom number generator. However we can combine crypto/rand with entropy generated by the incoming request (IP, request time, time spent on internal queue, load balancing route, handling server no, cpu mem usage for request, etc. etc.) to generate enough randomness for this purpose.
At this point, I'm not 100% sure if we should hash then XOR crypto/rand with other randomness or there is a more secure way.
http://www.keylength.com/en/3/
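The "hash then XOR" combination the post asks about, as an added example (not code from the original post or its project): the request values are hashed with SHA-256 and XORed into 32 bytes read from crypto/rand. The `RequestContext` type, its fields and the function names `Mix` and `Seed` are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// RequestContext holds per-request values of the kind the post lists (hypothetical type).
type RequestContext struct {
	RemoteIP   string
	ReceivedAt time.Time
	QueueTime  time.Duration
	ServerNo   uint32
}

// digest hashes the request values; the IP is length-prefixed so fields cannot run together.
func (rc RequestContext) digest() (out [32]byte) {
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s|%d|%d|%d", len(rc.RemoteIP), rc.RemoteIP,
		rc.ReceivedAt.UnixNano(), int64(rc.QueueTime), rc.ServerNo)
	copy(out[:], h.Sum(nil))
	return out
}

// Mix XORs CSPRNG output with the request digest. XOR with a fixed digest is a bijection,
// so a digest chosen independently of csprng cannot make the result easier to guess.
func Mix(csprng [32]byte, rc RequestContext) (out [32]byte) {
	d := rc.digest()
	for i := range out {
		out[i] = csprng[i] ^ d[i]
	}
	return out
}

// Seed reads 32 bytes from crypto/rand and mixes in the request digest.
func Seed(rc RequestContext) ([32]byte, error) {
	var r [32]byte
	if _, err := rand.Read(r[:]); err != nil {
		return r, err // never fall back to request data alone
	}
	return Mix(r, rc), nil
}

func main() {
	seed, err := Seed(RequestContext{"192.0.2.10", time.Now(), 3 * time.Millisecond, 7}) // constructed sample
	fmt.Printf("%x %v\n", seed, err)
}
```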