[Bug 2995] Use SSH KDF from OpenSSL

bugzilla-daemon at bugzilla.mindrot.org
Thu Oct 24 04:00:33 AEDT 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=2995

Mark D Baushke <mdb at juniper.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mdb at juniper.net

--- Comment #3 from Mark D Baushke <mdb at juniper.net> ---
A general solution would be to put the cryptographic primitives used
by OpenSSH into their own shared library so that someone who desires
to create a cryptographic boundary around it would be able to do so.

In this way, an OpenSSH built with --without-openssl could still be
functional and become a stand-alone cryptographic module.

I fully expect that NIST FIPS 186-5 will be published soon and will
provide for a number of new algorithms which will also include
ed25519, ed448 and chacha20-poly1305 in addition to the current set.
The future may also hold curve25519 and curve448 even though they
seem not to be in the next set of FIPS documents.

Making these algorithms easy to test via the Automated Cryptographic
Validation Testing program
(https://csrc.nist.gov/Projects/Automated-Cryptographic-Validation-Testing)
would seem to be generally useful to me in the long run as it would
provide for fully exercising the cryptographic primitive
implementations.

Isolation of the algorithms from the SSH protocol may also allow for
better optimization of these primitives and include the possibility of
using acceleration instructions like AES (AES-NI) and SHA (SHA-NI)
instructions available for some kinds of CPU (AMD, ARM, Intel, etc.).

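As an added illustration for this bug, not code from the comment above nor from OpenSSH or OpenSSL: the derivation the bug title refers to is the SSH key expansion of RFC 4253 section 7.2 (K1 = HASH(K || H || X || session_id), then Kn = HASH(K || H || K1 || ... || K(n-1)), concatenated and truncated), which OpenSSL exposes under the EVP_KDF algorithm name "SSHKDF". The Python below implements that step on its own, with no protocol code around it, in the spirit of a primitive that can be built and tested in isolation. The function names (ssh_mpint, ssh_kdf, derive_keys), the KEY_IDS table layout and the SAMPLE_* inputs are constructed for this example.

```python
import hashlib

# RFC 4253 section 7.2 key-type letters (the X in HASH(K || H || X || session_id)).
KEY_IDS = {
    "iv_c2s": b"A", "iv_s2c": b"B",      # initial IVs, client->server / server->client
    "enc_c2s": b"C", "enc_s2c": b"D",    # encryption keys
    "mac_c2s": b"E", "mac_s2c": b"F",    # integrity (MAC) keys
}


def ssh_mpint(value):
    """Encode a non-negative integer as an SSH mpint (RFC 4251 section 5):
    a 4-byte big-endian length followed by the big-endian two's-complement
    magnitude, so a leading 0x00 is added when the top bit is set."""
    if value < 0:
        raise ValueError("a shared secret is never negative")
    if value == 0:
        return b"\x00\x00\x00\x00"
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw  # keep the encoded number positive
    return len(raw).to_bytes(4, "big") + raw


def ssh_kdf(hash_name, shared_secret, exchange_hash, key_id, session_id, key_len):
    """Derive key_len bytes as in RFC 4253 section 7.2.

    shared_secret: the DH/ECDH secret as an int (encoded as an mpint here,
                   exactly as the spec hashes it)
    exchange_hash: H for this key exchange
    key_id:        one of b"A".. b"F" (see KEY_IDS)
    session_id:    H of the first key exchange of the connection
    """
    if len(key_id) != 1 or key_id not in b"ABCDEF":
        raise ValueError("key_id must be a single byte in A..F")
    k = ssh_mpint(shared_secret)

    def digest(*parts):
        h = hashlib.new(hash_name)
        for part in parts:
            h.update(part)
        return h.digest()

    # K1 = HASH(K || H || X || session_id); further blocks chain all earlier ones.
    blocks = [digest(k, exchange_hash, key_id, session_id)]
    while sum(len(b) for b in blocks) < key_len:
        blocks.append(digest(k, exchange_hash, *blocks))
    return b"".join(blocks)[:key_len]


def derive_keys(hash_name, shared_secret, exchange_hash, session_id,
                iv_len, enc_len, mac_len):
    """Derive all six direction-specific keys produced by one key exchange."""
    lengths = {"iv": iv_len, "enc": enc_len, "mac": mac_len}
    return {
        name: ssh_kdf(hash_name, shared_secret, exchange_hash, letter,
                      session_id, lengths[name.split("_")[0]])
        for name, letter in KEY_IDS.items()
    }


# Constructed sample inputs for the demo; not values from any real session.
SAMPLE_K = 0xF1234567890ABCDEF1234567890ABCDEF  # top bit set: mpint gains a leading 0x00
SAMPLE_H = hashlib.sha256(b"constructed exchange hash").digest()
SAMPLE_SESSION_ID = SAMPLE_H  # on the first exchange the session_id is H itself


if __name__ == "__main__":
    keys = derive_keys("sha256", SAMPLE_K, SAMPLE_H, SAMPLE_SESSION_ID,
                       iv_len=16, enc_len=32, mac_len=32)
    for name, key in keys.items():
        print(f"{name:8s} {key.hex()}")
```

Two properties worth noticing when testing such a primitive on its own: because later blocks chain the earlier ones, asking for a longer key yields the shorter key as a prefix, and a hash shorter than the requested length (SHA-1 for a 32-byte key) simply needs more blocks before truncation.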