Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You can have a GitHub specific ssh key.

  ssh-keygen -q -t rsa -b 4096 -N "passphrase" -C "mygithub@someaddress.org" -f ${HOME}/.ssh/.ghub
then in your ${HOME}/.ssh/config

  IdentitiesOnly yes
  Host github.com
    Hostname ssh.github.com
    Port 443
    User git
    IdentityFile /home/username/.ssh/.ghub
    ForwardAgent no
Not that it matters in this case, just sayin'.


In fact, I have a machine specific GitHub specific key.


2048 is enough.


For now. https://www.keylength.com/en/compare/

Why risk it when generating an ed25519 or rsa4096 keypair is cheap?


The same logic would apply to an 8192 bit key. One more bit doubles the key space. Someone who is be able to crack 2048 bit keys, probably also has the opportunity to crack 4096 bit keys. It may not be cheap for your communication partners to use your 4096 bit key. Smartphones and embedded devices want to use as less energy as possible. With an 4096 bit key, you force your communication partners to spent an unnecessary amount of energy.


> One more bit doubles the key space

Yes, except that a 4096 bit key is not just "one more bit", it's double the amount of bits.

> Someone who is be able to crack 2048 bit keys, probably also has the opportunity to crack 4096 bit keys

No, it would require an impossibly large amount of effort to crack 4096 bit keys compared to 2048 bit keys.

> Smartphones and embedded devices want to use as less energy as possible

They can use ed25519 then.

> With an 4096 bit key, you force your communication partners to spent an unnecessary amount of energy.

They spend more energy by running ad-ridden "apps" and electron monstrosities.


I agree. I used 4096 in the example just in case my great grandkids find this post. They will have Quantum implants.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: