Hacker News
by UI_at_80x24 584 days ago

As a professional and expert I would love to hear your thoughts and opinions on the use of elliptic curve crypto with SSH. There was a concern (unsure of the validity) that NSA/NIST had compromised the algorithm used and ECC was unfit for 'secure' communication.
2048-bit RSA has been deprecated since that declaration and while 4096-bit is still viable, the smaller key-size of ed25519 is appealing.
2 comments

Ever since the DUAL_EC_DRBG backdoor[1], trust in cryptographic algorithms set by NIST has been reduced.

In the case of ECC curves, the NIST curves rely on a number of highly specific but unexplained constants. More info about the safety and security of curves can be found at https://safecurves.cr.yp.to/

For now, Curve25519 is considered a good bet.

[1] https://en.wikipedia.org/wiki/NIST_SP_800-90A#Backdoor_in_Du...

2048-bit RSA is not deprecated...
NIST has deprecated it for government use after 2030, just not today.
Well, deprecated does not mean it stops, just that it comes with warnings, so not 2030 either.
It puts it in the same category as triple DES.