[tor-dev] [draft] Proposal 220: Migrate server identity keys to Ed25519
grarpamp at gmail.com
Wed Aug 14 11:06:17 UTC 2013
> proposal, I guess, by having documents signed with Ed25519 and
> RSA1024... but one of the signatures is much better than the other:
> 255-bit ECC groups will be secure long after RSA1024 has fallen.
I think the reference I saw was referring not to extended effective key
length  but to offset algorithms , in case some maths pop up from
the hole and say look what we just broke. Yes, both are sortof happening
above. I doubt Tor would be the first realtime target upon that news anyway
and would be written around in a flag week. Stored traffic later might. O well.
 eg: 256 ecc ~= 3k rsa afaik
 As in the md5/sha1 to n (below) to sha3 situation. And maybe
some creeping closer for rsa now too.
> (I'm also a little surprised that nobody has said we should be using
> Keccak or Blake2 in place of SHA256/SHA512 here. ;) )
More information about the tor-dev