[throw0101a]

The conclusion has the line:

> […] while EdDSA performs much faster and provides the same level of security with significantly smaller keys.

For non-embedded systems, how important is the speed and/or size consideration?

Keys are (IIRC) only used on initial contact, and the bulk of traffic operations will use symmetrical algorithms, so it it that big of a deal?

Perhaps throwing around a comparatively short "id_ed25519.pub" is easier?

[a1369209993]

> For non-embedded systems, how important is the speed and/or size consideration?

Let's put it this way, ed25519 keys take up this much space:

  sTSv4xsmaTqwhi3Qzj16w+zlRBxBvn+F3IVmxUwNkTg=

While RSA 4096 keys take up this much space:

  vUvYsQlH1yvH3KE+uJbbb8TwgvVruQpFaLzoUThFPrGKVJ+qgJqmNaMclqGnTfFb
  a6y9n4h4c5rWRX1jmzr/w72StPYbxdmxq/aTZWPWEaokQHupbk24idxxJDJXhFOm
  nJYLKe3R+14ps4n396r5sF9iyC5azqUPXKUX5k94O1wSeUrqSkW19Qu5jVYhAbBq
  aI1oUlf6Aij2pcrCIEORGqhFClLhN1H4turNPJlsw7wTeq1YVvOWYM6PKSGrlt8I
  mEgXoNnlsHnFDTZpu7ndyT2+fGfVHlVqRqEiKL53PzVUqDZYIOiclH92Y6yWOze+
  WteZjvrk1S2jdcuyEpn9mBCoz2o1koiS4F2Y8wsRtD4YZC1RSIcaul/vWp/tETqn
  zCcVysEdEbVkuzBcEc2g2P6pky4QT1o8IR/g33TRFOjkrNGekf/8ZNLhAPuoclxa
  K0LKpzV09MT5YIunkZgH+ZwDhKOcCaXweVYHoiO/BO/gP9DS93LlbsvVcrm02CYh
  V9Cl98iUuBgPLT/xMP7C4ZxwR2Dtc0kLP8fJqmy3HaeNqyEk1eEF1hGPsizWjQo8
  rABXBxNuoKD2m0SGmy4BDtQKLibushIlhoNMrkmvdNahOaEUPAgCLRYK1CN7082p
  CaYk76FZ32ZBSQ4yiFrLrewBhYdJTxkUdLgUFGo2Ie8=

In other words ed25519 keys are something you can reasonably expect people to copy-paste and otherwise work with as if they were URLs or content-addresses like md5 file hashs. RSA keys... aren't. You can work around this with keyservers and the like, but that adds more moving parts and more opprotunities for things to break for no reason.

[jeffbee]

It can take a surprisingly long time to do the initial exchange on a smart card.

[nytgop77]

smart card is kind of embedded system by it self.

[Vmody2]

Symmetric keys encrypt the entire session but asymmetric keys encrypt each communication during the session.

But yeah, non embedded systems aren't as constrained. At least for practically generating SSH keys, RSA is just as fine.