ECC and SHA algorithms

SSL certificates mostly use RSA keys, and the recommended size of these keys is steadily increasing (for example, from 1024 bits to 2048 bits in recent years) in order to maintain sufficient cryptographic strength.

Both RSA and ECC keys are based on asymmetric algorithms (one key for encryption and another for decryption). However, ECC provides the same level of cryptographic strength with much smaller keys, which allows for greater security along with reduced computation requirements.

Let’s see what ECC is and why we should consider using it.

What is ECC?

ECC (Elliptic Curve Cryptography) is a public key cryptography method based on elliptic curves over finite fields. The most important difference between ECC and RSA is the key size required for a given cryptographic strength: ECC provides the same strength as RSA with much smaller keys. For example, a 256-bit ECC key is equivalent to a 3072-bit RSA key (which is 50% longer than the 2048-bit keys used today). Finally, the safest symmetric algorithms used in TLS (for example, AES) use at least 128-bit keys, so switching to asymmetric keys of comparable strength seems to be the most rational step.
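The size equivalence quoted above can be reproduced numerically. This is an added example, not part of the original article: it estimates RSA strength from the cost of the general number field sieve, using the approximation from NIST's FIPS 140-2 Implementation Guidance, and takes ECC strength as half the curve size (the generic Pollard rho bound). The function names and the list of RSA sizes are illustrative assumptions, and the code covers more sizes than the single 256-bit case in the text.

```python
import math

# Commonly issued RSA modulus sizes (illustrative list, not from the article).
RSA_SIZES = (1024, 2048, 3072, 4096, 7680, 15360)


def rsa_security_bits(modulus_bits: int) -> float:
    """Estimate the symmetric-equivalent strength of an RSA modulus.

    Based on the asymptotic cost of the general number field sieve,
    with the constants used in NIST's FIPS 140-2 Implementation Guidance.
    """
    ln_n = modulus_bits * math.log(2)  # natural log of a modulus of this length
    work = 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - 4.69
    return work / math.log(2)  # convert ln(work) to bits


def ecc_security_bits(curve_bits: int) -> float:
    """Generic attacks on a curve of order ~2^n cost about 2^(n/2) operations."""
    return curve_bits / 2


def smallest_rsa_for(curve_bits: int) -> int:
    """Smallest listed RSA size whose estimate reaches the curve's strength."""
    target = ecc_security_bits(curve_bits)
    for size in RSA_SIZES:
        if rsa_security_bits(size) >= target:
            return size
    raise ValueError("no listed RSA size is strong enough")


if __name__ == "__main__":
    for size in RSA_SIZES:
        print(f"RSA-{size}: ~{rsa_security_bits(size):.0f} bits")
    for curve in (256, 384):
        rsa = smallest_rsa_for(curve)
        print(f"ECC-{curve} ({ecc_security_bits(curve):.0f} bits) "
              f"needs RSA-{rsa}, a key {rsa // curve}x larger")
```

The estimates are approximate; published equivalence tables round them to fixed levels such as 112 bits for RSA-2048 and 128 bits for RSA-3072.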

Why use ECC?

The small key size makes ECC the ideal choice for devices with limited storage or processing resources, which are increasingly common in the IoT field. On the server side, the small keys speed up the SSL handshake, which translates into faster page loading and greater security.

Which certificates support ECC?

  • All Sectigo SSL certificates;
  • All GGSSL certificates;
  • Symantec PRO products.