nistp256 preferred over ed25519

Fedor Brunner fedor.brunner at azet.sk
Thu Apr 10 22:39:34 EST 2014


Hello,
Maybe I'm asking an already answered question, if yes I'm sorry to
bother you.

Why in default HostKeyAlgorithms settings is
ecdsa-sha2-nistp256-cert-v01 at openssh.com preferred over
ssh-ed25519-cert-v01 at openssh.com ?

For example in default settings for KexAlgorithms the
curve25519-sha256 at libssh.org is preferred over ecdh-sha2-nistp256.

Fedor


Defaults in openssh-6.6p1

HostKeyAlgorithms
  ecdsa-sha2-nistp256-cert-v01 at openssh.com,
  ecdsa-sha2-nistp384-cert-v01 at openssh.com,
  ecdsa-sha2-nistp521-cert-v01 at openssh.com,
  ssh-ed25519-cert-v01 at openssh.com,
  ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,
  ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,
  ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
  ssh-ed25519,ssh-rsa,ssh-dss


KexAlgorithms
  curve25519-sha256 at libssh.org,
  ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
  diffie-hellman-group-exchange-sha256,
  diffie-hellman-group-exchange-sha1,
  diffie-hellman-group14-sha1,
  diffie-hellman-group1-sha1


More information about the openssh-unix-dev mailing list