No point compression in SSH2_MSG_KEX_ECDH_INIT
Aris Adamantiadis
aris at 0xbadc0de.be
Thu Feb 2 21:44:55 AEDT 2017
On 1/02/17 12:37, Damien Miller wrote:
> On Tue, 31 Jan 2017, JCA wrote:
>
>> I have noticed that the EC public key sent in the SSH2_MSG_KEX_ECDH_INIT
>> message is sent without point compression. Are there any plans to use point
>> compression eventually? I imagine that, in part, you guys are not yet
>> implementing it for patent reasons, right?
> I'm not aware of any plans for implementing point compression and I
> don't plan on adding it myself. Motivation for not including it was
> as much keeping the pre-auth code as simple as possible as anything
> else.
When I implemented ecdsa and ecdh in libssh I couldn't even find the
code relevant to point compression in OpenSSL, because it does not
exist. Apparently solving a second order equation in GFp is patented.
Curve25519 and ed25519 don't have that problem, because they don't need
point compression.
Aris
More information about the openssh-unix-dev
mailing list