[PATCH] curve25519-sha256 at libssh.org key exchange proposal

Markus Friedl mfriedl at gmail.com
Sat Nov 2 20:07:05 EST 2013


if I understand http://git.libssh.org/projects/libssh.git/commit/?id=4cb6afcbd43ab503d4c3d3054b96a1492605ea8d
correctly, then the shared secret is encoded as a bignum,
probably because the rest of the code assumes it's a bignum
(e.g. for key derivation, etc). however, the DH public keys
are always encoded as strings (both in my patches and
in the libssh.org code).


Am 02.11.2013 um 07:57 schrieb Markus Friedl <mfriedl at gmail.com>:

> It should be compatible with the original patch. However I think that the shared secret should be encoded as a string, too. What does libssh do?
> 
> 
> 
>> Am 02.11.2013 um 05:46 schrieb Damien Miller <djm at mindrot.org>:
>> 
>>> On Fri, 1 Nov 2013, Markus Friedl wrote:
>>> 
>>> Here are three versions (patch against openbsd cvs)
>>> 
>>> 1) repace nacl w/libsodium, so i could test
>>> 2) curve25519-donna
>>> 3) Matthew's public domain reference implementation.
>>> 
>>> i'd vote for #3
>> 
>> Yes, me too.
>> 
>> One thing: this patch will be incompatible with Aris' since we calculate
>> the hash over the DH values encoded as strings rather than (as he does)
>> bignums.
>> 
>> IMO they should be strings because they aren't ever sent as bignums on
>> the wire, but if the Curve25519 support is widely deployed then it might
>> be too late to change. I don't think the encoding makes any appreciable
>> difference to security - the bignum encoding is unambiguous.
>> 
>> -d



More information about the openssh-unix-dev mailing list