Openvpn RSA V ECC

[Air4141841 23]

just trying to educate my self.

256 AES GCM is considered RSA along with chacha20 a newer cipher? 

then I am reading about Elliptical curve cryptography like:
ED255, ED448, Secp521

do the elliptical curve ciphers take specific processors like higher end Intel only to be able to compute the data? 

if you had the "correct" hardware which would you choose, RSA or ECC?   



 

[OpenSourcerer 1359]

27 minutes ago, Air4141841 said:

256 AES GCM is considered RSA along with chacha20 a newer cipher? 

Erm… what's the question here? RSA is not the same as AES or ChaCha20, and of these names only ChaCha20 is "young".
If you're asking for ed25519 support in AirVPN/OpenVPN, it gets complicated as this only got introduced in OpenVPN 2.5 if I see it right, and there are still some massive numbers of users on 2.4, or even 2.3 sporadically, so these clients require certs be RSA-signed.
 

29 minutes ago, Air4141841 said:

do the elliptical curve ciphers take specific processors like higher end Intel only to be able to compute the data? 

No.
 

30 minutes ago, Air4141841 said:

if you had the "correct" hardware which would you choose, RSA or ECC?   

Depends on the use case and what's more important to you, compatibility or modernity. RSA is usable everywhere, Edwards curves started to appear in mid-2010s or so, so if you work with software that wasn't updated for ~5+ years, RSA might be your only option.

[Air4141841 23]

RSA seems to be the most common used, and certainly older/ compatible 

I wonder if we will see airvpn servers with ed25519, ed448 capabilities since 2.5 has been out for some time now 

 

[OpenSourcerer 1359]

16 hours ago, Air4141841 said:

I wonder if we will see airvpn servers with ed25519, ed448 capabilities since 2.5 has been out for some time now 

Yes, but that doesn't mean all device manufacturers magically started to keep their software up-to-date. Newest Synology software is still on 2.3 if I'm not mistaken, so you need to keep support for both RSA and Edwards. This adds an additional layer of complexity to configuration, both user-side and server-side, which must be addressed in a more or less idiot-proof way (not trying to be condescending here, but not trying to use the cursed word "user-friendly", too). The ad-hoc answer is obvious: RSA is supported everywhere and keys >=3072 bit are still considered high security (while 2048 bit keys are sufficient for most things). The incentive is rather low, even though ed25519 boasts some very interesing advantages.

Nevertheless, it's up for debate if ed25519 will ever see widespread usage like RSA did. By the time we phased out RSA, quantum cryptography might be the state of the art. We can't even phase out IPv4 after its alternative's availability of almost 25 years, how is that going to work for RSA?

[Air4141841 23]

i find it strange that crypto storm is the ONLY service that I've seen that utilizes it

there is clearly a bug with the 21.05.02 Version of Pfsense.   as even the free version will not connect,    I accidentally updated to a dev version 2 weekends ago and it will connect to that service now..

maybe with a new server added Airvpn can enable this? 

 

[OpenSourcerer 1359]

4 hours ago, Air4141841 said:

i find it strange that crypto storm is the ONLY service that I've seen that utilizes it

Not strange at all. They've got different priorities. Where most providers try to find the compromise between compatibility and security (which RSA is), they emphasize newer tech.