[PATCH] curve25519-sha256 at libssh.org key exchange proposal
Markus Friedl
mfriedl at gmail.com
Sat Nov 2 17:57:45 EST 2013
It should be compatible with the original patch. However I think that the shared secret should be encoded as a string, too. What does libssh do?
> Am 02.11.2013 um 05:46 schrieb Damien Miller <djm at mindrot.org>:
>
>> On Fri, 1 Nov 2013, Markus Friedl wrote:
>>
>> Here are three versions (patch against openbsd cvs)
>>
>> 1) replace nacl w/libsodium, so I could test
>> 2) curve25519-donna
>> 3) Matthew's public domain reference implementation.
>>
>> I'd vote for #3
>
> Yes, me too.
>
> One thing: this patch will be incompatible with Aris' since we calculate
> the hash over the DH values encoded as strings rather than (as he does)
> bignums.
>
> IMO they should be strings because they aren't ever sent as bignums on
> the wire, but if the Curve25519 support is widely deployed then it might
> be too late to change. I don't think the encoding makes any appreciable
> difference to security - the bignum encoding is unambiguous.
>
> -d
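The encoding question above (string vs. bignum/mpint for the Curve25519 values in the exchange hash) is easy to misjudge, because the two RFC 4251 encodings sometimes coincide and sometimes do not. The following is an added example written for this archive page, not code from the thread, OpenSSH or libssh. It implements the two wire encodings, hashes constructed sample values both ways, and shows why the mpint form is unambiguous but needs a fixed-width decode on the receiving side. The sample values and the function names are constructed for the illustration; the real exchange hash also covers V_C, V_S, I_C, I_S and K_S, which are omitted here.

```python
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length, then the raw bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(data: bytes) -> bytes:
    """RFC 4251 'mpint': minimal two's-complement big-endian integer.

    Leading zero bytes are dropped; if the top bit of the first remaining
    byte is set, a 0x00 byte is prepended so the value reads as positive.
    Zero is encoded as the empty string.
    """
    stripped = data.lstrip(b"\x00")
    if stripped and stripped[0] & 0x80:
        stripped = b"\x00" + stripped
    return ssh_string(stripped)


def decode_mpint_fixed(encoded: bytes, width: int) -> bytes:
    """Decode an mpint back into a fixed-width byte string (e.g. 32 bytes
    for Curve25519). The mpint itself is unambiguous, but it does not carry
    the original width, so the caller must left-pad to the field size."""
    (length,) = struct.unpack(">I", encoded[:4])
    body = encoded[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated mpint")
    value = int.from_bytes(body, "big", signed=True)
    if value < 0:
        raise ValueError("negative mpint not allowed for a point/secret")
    return value.to_bytes(width, "big")   # raises OverflowError if too wide


def kex_hash_fragment(q_c: bytes, q_s: bytes, k: bytes, encoding: str) -> str:
    """SHA-256 over the three Curve25519 values, all encoded the same way.
    encoding is 'string' (this thread's patch) or 'mpint' (the other proposal)."""
    enc = {"string": ssh_string, "mpint": ssh_mpint}[encoding]
    return hashlib.sha256(enc(q_c) + enc(q_s) + enc(k)).hexdigest()


# Constructed 32-byte sample values (not real keys):
Q_PLAIN = bytes([0x11] * 32)                  # first byte nonzero, top bit clear
Q_HIGH = bytes([0x80] + [0x11] * 31)          # top bit set -> mpint adds 0x00
Q_LEADING_ZERO = bytes([0x00, 0x42] + [0x33] * 30)  # mpint strips the 0x00


def encodings_agree(value: bytes) -> bool:
    """True when string and mpint encodings of value are byte-identical.
    This holds exactly when the first byte is in 0x01..0x7F, i.e. for
    about 127/256 of uniformly random 32-byte values."""
    return ssh_string(value) == ssh_mpint(value)


if __name__ == "__main__":
    for name, q in (("plain", Q_PLAIN), ("high", Q_HIGH), ("lzero", Q_LEADING_ZERO)):
        print(name, "string len", len(ssh_string(q)), "mpint len", len(ssh_mpint(q)),
              "agree" if encodings_agree(q) else "differ")
    print("string:", kex_hash_fragment(Q_HIGH, Q_PLAIN, Q_LEADING_ZERO, "string"))
    print("mpint: ", kex_hash_fragment(Q_HIGH, Q_PLAIN, Q_LEADING_ZERO, "mpint"))
```

Running it shows the practical consequence of the thread's point: two peers that pick different conventions will interoperate on the roughly one-in-eight handshakes where all three values happen to encode identically and fail with a hash mismatch on the rest, which is the kind of intermittent incompatibility that is painful to diagnose after wide deployment. The `decode_mpint_fixed` helper also shows the caveat with the bignum form: a value whose leading byte is zero comes back shorter than 32 bytes and must be re-padded before use.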