[Bug 3306] test_kex.c should check #ifdef USE_SNTRUP761X25519

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Apr 29 08:54:30 AEST 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3306

--- Comment #1 from balu <balu.gajjala at gmail.com> ---
Can you please clarify if sntrup761x25519-sha512 at openssh.com is enabled
by default or not? Also is it an experimental algorithm?

release page (https://www.openssh.com/releasenotes.html) says it's
disable by default.

 ssh(1), sshd(8): update/replace the experimental post-quantum
   hybrid key exchange method based on Streamlined NTRU Prime coupled
   with X25519.

   The previous sntrup4591761x25519-sha512 at tinyssh.org method is
   replaced with sntrup761x25519-sha512 at openssh.com. Per its
   designers, the sntrup4591761 algorithm was superseded almost two
   years ago by sntrup761.

   (note this both the updated method and the one that it replaced are
   disabled by default)

openbsd man page (https://man.openbsd.org/sshd_config.5) says it's
supported which means it's enabled.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list