Every version of PuTTY released over the past 7 years contains a critical vulnerability that allows for the recovery of certain types of secret encryption keys, specifically 521-bit ECDSA. An adversary in possession of a “few dozen signed messages” and the public key can recover the private key. I’m curious to know how widely this vulnerability is likely to be felt. I’m guessing most people have already replaced keys with only 512 bits, which I’m further guessing are already susceptible to factorization. Can anyone confirm or disabuse me of these guesses?
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
@dangoodin ECDSA isn’t the same as RSA. A 521-bit ECDSA key is significantly more secure than the largest RSA key possible. It’s also quantum proof. 521-bit ECDSA is the go-to for secure keys, so this is a pretty big issue.
@malwaretech @dangoodin yes on ECDSA bits not being comparable with RSA bits, but I wouldn’t say P-521 is the go-to for anything. It’s a weird slow curve that’s very rarely used. The HTTPS public roots are P-384. Also definitely not quantum resistant.
@filippo there is some small irony here in that the people most likely impacted here are the configuration ricers. I doubt many people have/had P-521 keys on the go, other than people blindly trying to hit the highest numbers possible.
@benjojo ironic but not illogical. The weirder parameters are the least scrutinized and the most likely to have bugs.
Now I kinda wish we could remove P-521 from Go, to discourage its use. It’s our job to know it’s not good/useful after all.
@filippo @malwaretech @dangoodin @benjojo In our own scan we got 45k (0.28%) P-521 keys across all of GitHub and GitLab.
@lambdafu @malwaretech @dangoodin @benjojo oh hey GitLab keys are scannable too?
@lambdafu @filippo @malwaretech @dangoodin 0.44% in my spot test (https://benjojo.co.uk/u/benjojo/h/Cf8v9Dc539ty21y9K6), so not that far off.
@filippo The 2015 survey had ECDSA keys at near-nil levels, but that was also before you could even slightly reliably use them. I don't have the DB on hand (I'm abroad right now), but I don't remember seeing P521 being popular at all.
@malwaretech @dangoodin @benjojo I’m not a Windows user so honestly I don’t know. I was just taking it as a representative sample. Is there something in the PuTTY UI that encourages selecting “stronger” parameters?
@malwaretech @filippo @dangoodin so I pulled the github keys of 1.4k people who follow me on github, and:
$ cat keys | awk '{print $1}' | sort | uniq -c
50 ecdsa-sha2-nistp256
1 ecdsa-sha2-nistp384
8 ecdsa-sha2-nistp521
3 sk-ecdsa-sha2-nistp256@openssh.com
14 sk-ssh-ed25519@openssh.com
828 ssh-ed25519
875 ssh-rsa
P521 is used more than P384, but it's all tiny volumes compared to the actually correct option of ed25519.
I don't think P521 (or, in general, ECDSA) keys are that widely used; either that, or my followers are smarter or dumber than the average.
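A check a key administrator might run over a collected set of public keys, as an added example that is not part of this thread: unlike the awk one-liner above, which counts the text prefix of each line, it decodes the base64 blob and reads the key type and curve name from the SSH wire format, then lists the P-521 entries that would need rotation. The sample key lines are constructed with zero-filled filler rather than real key material.

```python
import base64
import struct
from collections import Counter

def _blob(*fields: bytes) -> str:
    """Encode fields as SSH wire strings (uint32 length + bytes), then base64."""
    raw = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return base64.b64encode(raw).decode()

# Constructed sample in authorized_keys / GitHub ".keys" format; the key material
# is zero-filled filler rather than real keys (an assumption for the demo).
SAMPLE_KEYS = [
    "ssh-ed25519 " + _blob(b"ssh-ed25519", b"\x00" * 32) + " alice",
    "ecdsa-sha2-nistp521 " + _blob(b"ecdsa-sha2-nistp521", b"nistp521", b"\x04" + b"\x00" * 132) + " bob",
    "ecdsa-sha2-nistp256 " + _blob(b"ecdsa-sha2-nistp256", b"nistp256", b"\x04" + b"\x00" * 64) + " carol",
    # Label says nistp256 but the blob carries a P-521 key: a prefix-only count misses it.
    "ecdsa-sha2-nistp256 " + _blob(b"ecdsa-sha2-nistp521", b"nistp521", b"\x04" + b"\x00" * 132) + " dave",
    "ssh-rsa " + _blob(b"ssh-rsa", b"\x01\x00\x01", b"\x00" * 256) + " erin",
]

def parse_key_line(line: str):
    """Return (declared_type, blob_type, curve_name_or_None, comment) for one key line."""
    parts = line.split(None, 2)
    declared, b64 = parts[0], parts[1]
    comment = parts[2].strip() if len(parts) > 2 else ""
    data = base64.b64decode(b64)
    fields, off = [], 0
    while off + 4 <= len(data):
        (n,) = struct.unpack(">I", data[off:off + 4])
        fields.append(data[off + 4:off + 4 + n])
        off += 4 + n
    blob_type = fields[0].decode()
    # For ECDSA keys the second wire field names the curve (nistp256/384/521).
    curve = fields[1].decode() if blob_type.startswith("ecdsa-sha2-") else None
    return declared, blob_type, curve, comment

def audit(lines):
    """Count key types from the blob itself and return the entries that are P-521."""
    counts, p521 = Counter(), []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        declared, blob_type, curve, comment = parse_key_line(line)
        counts[blob_type] += 1
        if curve == "nistp521":
            p521.append((comment, declared))
    return counts, p521
```

Run `audit` over the lines of a downloaded keys file to get the per-type counts and the list of P-521 entries to rotate.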
@benjojo the exception being YubiKeys, which do P256.
@eta Sometimes :tm:, because YubiKey compatibility across the ages is a bit of a mess, so not everyone who has a YubiKey can/will have the ability to use P256, but the RSA path always works.