[Cialug] Major crypto improvements in SSH

Nicolai nicolai-cialug at chocolatine.org
Sun Nov 17 11:48:37 CST 2013


Hey all,

(In the context of SSH claimed as decryptable in Snowden docs...)

Just so you know, libssh & OpenSSH are doing great work improving crypto
in SSH.  One of the libssh devs wrote curve25519-sha256@libssh.org which
was adopted as the default kex in -current OpenSSH.  This replaces the
weak (or possibly even backdoored) NIST P-256.

OpenSSH is also now working to implement ChaCha20Poly1305.  ChaCha20 is
similar to Salsa20, a superfast constant-time stream cipher with a
very high security margin.  Poly1305 is a MAC function.  I don't know if
this will be the default authenticated cipher.  This is also great
because it builds confidence for proposals adding Salsa20 or ChaCha20
to TLS.

If you're curious about the security levels of different curves, such as
Curve25519 and P-256, see:

http://safecurves.cr.yp.to/

Nicolai

