When configuring the server after installation, we get to create or import a private key/public key pair for authentication but the type is fixed to DSA / RSA 2048 bit.
Why can’t we use ed25519 to create our private keys. AFAIK ed25519 has about the same strength as RSA 3000-bit and it is faster. Or, is there still software out there without support for ed25519?
I mean: we’re talking about a password safe, right?
If the private key is cracked, all your other passwords are too.
So why not go for the stronger & faster algorithm?
Or am I missing something?
Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[ ] I provide relevant information about my server (component names and versions, etc.)
[ ] I provide a copy of my logs and healthcheck
[ ] I describe the steps I have taken to trouble shoot the problem
[ ] I describe the steps on how to reproduce the issue
The setup wizard in passbolt is misleading, DSA is actually not used, only RSA (you can see that when you donwload the key and inspect them). As far as I know the RSA 2048 is still considered safe. It is the NIST recommendation and the GnuPG default. Mailvelope has a RSA 4096 default, which makes sense since emails have a longer life than passwords. It is possible for you to import a longer RSA key already.
We have support built in the front end to support other algorithms supported by Openpgp.js. The issue is with the server component. It is not a small feat to officially support multiple operating systems, php version, gnupg, etc.
This is something we could work on if there is a demand from the community.
Thank you for your reply.
The subject does only mention RSA, so I understood that DSA wasn’t used. It’s shown as a string on the web page like that.
I’m not a security expert, I only wanted to share what I found on the internet with the community.
I googled on the difference between the auth types and even though as you said, RSA 2048 is not yet ‘weak’, I give you that much, only the fact that it is recommended by NIST, seems enough a reason for many to not use it at all ;-).
Some say plain and simple: Nist cannot be trusted (you can find it here)
Others remain more political correct but do say the same thing: http://security.stackexchange.com/a/46781
Openpgp.js supports ed25519 from v3.0 but it cannot be selected for key creation nor imported. So I understand the issue is on the server side and considered to be a feature request.
That’s fine by me. I just hope more people also find this important and back me up with this request then.