Transitioning SSH from RSA to ED25519

Nick Sullivan[1] writes:

You can compute how much energy is needed to break a cryptographic algorithm and compare that with how much water that energy could boil. This is a kind of a cryptographic carbon footprint. By this measure, breaking a 228-bit RSA key requires less energy than it takes to boil a teaspoon of water. Comparatively, breaking a 228-bit elliptic curve key requires enough energy to boil all the water on earth. For this level of security with RSA, you’d need a key with 2,380 bits.

ED25519 uses a 256-bit elliptic curve key.

The release notes for OpenSSH 8.3 announce that ssh-rsa will be disabled by default in future releases. Now is a good time to adopt ed25519 for public key authentication.
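
One way to inventory which authorized_keys entries still use RSA before making the switch, as an added example that is not part of the original post. The function names and the sample entries (truncated placeholder blobs, not real keys) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the key type of every entry in an authorized_keys file
# so that remaining ssh-rsa entries can be replaced with ssh-ed25519 ones.

# Print "<line-number> <key-type> <comment>" for each key entry in file $1.
# An entry is located by a known key-type token followed by a base64 blob
# beginning with "AAAA" (the blob starts with a 4-byte length whose leading
# bytes are zero). This skips leading options such as command="...".
list_key_types() {
    awk '
        BEGIN {
            types = "^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)"
            types = types "|sk-ssh-ed25519@openssh[.]com"
            types = types "|sk-ecdsa-sha2-nistp256@openssh[.]com)$"
        }
        /^[ \t]*#/ { next }     # comment line
        NF == 0    { next }     # blank line
        {
            for (i = 1; i < NF; i++) {
                if ($i ~ types && $(i + 1) ~ /^AAAA/) {
                    comment = (i + 2 <= NF) ? $(i + 2) : "-"
                    print NR, $i, comment
                    next
                }
            }
            print NR, "unparsed", "-"   # flag lines that need a manual look
        }
    ' "$1"
}

# Count the entries of key type $2 in file $1.
count_key_type() {
    list_key_types "$1" | awk -v t="$2" '$2 == t { n++ } END { print n + 0 }'
}

# Write a constructed sample file to path $1 (placeholder blobs, not real keys).
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABexample alice@laptop
command="echo ssh-rsa only",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABexample backup@host
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexample bob@desk
EOF
}

sample=$(mktemp)
make_sample "$sample"
list_key_types "$sample"
echo "ssh-rsa entries still to replace: $(count_key_type "$sample" ssh-rsa)"
rm -f "$sample"
```

Point `list_key_types` at a real file such as `~/.ssh/authorized_keys` to see which accounts still need an Ed25519 key; lines reported as `unparsed` should be checked by hand.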

Questions, comments, and responses are welcomed and appreciated.
