[Cialug] Major crypto improvements in SSH
Nicolai
nicolai-cialug at chocolatine.org
Tue Nov 19 18:01:58 CST 2013
On Tue, Nov 19, 2013 at 05:41:51PM -0600, Todd Walton wrote:
> On Sun, Nov 17, 2013 at 11:48 AM, Nicolai <nicolai-cialug at chocolatine.org>wrote:
>
> > Just so you know, libssh & OpenSSH are doing great work improving crypto
> > in SSH. One of the libssh devs wrote curve25519-sha256 at libssh.org which
> > was adopted as the default kex in -current OpenSSH. This replaces the
> > weak (or possibly even backdoored) NIST P-256.
>
> To take advantage of this, I assume one would have to be using compatible
> SSH clients with an OpenSSH server? We don't just immediately get the
> benefits, right?
Right. You'll need an OpenSSH client to benefit from this improvement.
If you're talking about putty, you can request features:
http://www.chiark.greenend.org.uk/~sgtatham/putty/feedback.html#feedback-features
If anyone does this, be sure to mention curve25519-sha256 at libssh.org is
now *default* in OpenSSH and libssh. :-)
Nicolai
More information about the Cialug
mailing list