openpgp smartcard: ssh auth speed vs. RSA key size

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

openpgp smartcard: ssh auth speed vs. RSA key size

Thomas Jarosch
Hello together,

here's an interesting observation on ssh auth speed
when using different key sizes on the openpgp smartcard:

RSA 2048 bit key: 0.7s
RSA 4096 bit key: 3.1s

Card used is an openpgp smartcard V3.3
with gnupg 2.2.4. The ssh key is accessed via gpg-agent.

We found this while creating our keys with 4096 bit and now reverted to 2048
bit. It's secure enough and the speed hit is almost not noticeable.

The time was measured with:

        $ time ssh SERVERNAME /bin/true

Cheers,
Thomas




_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: openpgp smartcard: ssh auth speed vs. RSA key size

Werner Koch
On Thu,  1 Mar 2018 18:18, [hidden email] said:

> We found this while creating our keys with 4096 bit and now reverted to 2048
> bit. It's secure enough and the speed hit is almost not noticeable.

With a gnuk token and an ed25519 key it will even be much faster than
with a RSA 2048 bit key and a real smartcard.  Unfortunately the
Zeitcontrol card does not support ed25519.


Salam-Shalom,

   Werner

--
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

attachment0 (233 bytes) Download Attachment