[PATCH] curve25519-sha256 at libssh.org key exchange proposal

Damien Miller djm at mindrot.org
Sat Nov 2 15:46:14 EST 2013


On Fri, 1 Nov 2013, Markus Friedl wrote:

> Here are three versions (patch against openbsd cvs)
> 
> 1) replace nacl w/libsodium, so i could test
> 2) curve25519-donna
> 3) Matthew's public domain reference implementation.
> 
> I'd vote for #3

Yes, me too.

One thing: this patch will be incompatible with Aris' since we calculate
the hash over the DH values encoded as strings rather than (as he does)
bignums.

IMO they should be strings because they aren't ever sent as bignums on
the wire, but if the Curve25519 support is widely deployed then it might
be too late to change. I don't think the encoding makes any appreciable
difference to security - the bignum encoding is unambiguous.

-d
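The encoding point raised above (exchange hash computed over the Curve25519 public values as SSH "string" versus SSH "mpint"/bignum) is easy to see concretely. The example below is added here and is not code from either patch or from OpenSSH; it implements the two RFC 4251 encodings in Python and hashes a pair of constructed 32-byte public values both ways. It assumes, as an illustration, that a bignum-style encoder would interpret the raw 32 wire bytes as a big-endian integer (the way OpenSSL's BN_bin2bn does); the three sample "points" are constructed test vectors, not real Curve25519 keys.

```python
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length followed by the raw bytes, unchanged."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(data: bytes) -> bytes:
    """RFC 4251 'mpint': the value as a minimal big-endian two's-complement integer.

    Leading zero bytes are dropped, a 0x00 is prepended when the high bit of the
    first remaining byte is set, and zero is encoded as a zero-length string.
    The raw bytes are read as a big-endian integer here (assumption, see lead-in).
    """
    n = int.from_bytes(data, "big")
    if n == 0:
        return struct.pack(">I", 0)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return struct.pack(">I", len(body)) + body

def encodings_differ(point: bytes) -> bool:
    """True when the string and mpint encodings of the same raw bytes are not identical."""
    return ssh_string(point) != ssh_mpint(point)

def hash_fragment(q_c: bytes, q_s: bytes, encoder) -> str:
    """SHA-256 over the two encoded public values, standing in for the Q_C || Q_S
    part of the exchange hash input; the rest of the hash input is omitted."""
    return hashlib.sha256(encoder(q_c) + encoder(q_s)).hexdigest()

# Constructed 32-byte sample values (not real Curve25519 keys):
#   NEUTRAL: high bit clear, no leading zero -> both encodings agree
#   HIGHBIT: high bit of the first byte set   -> mpint grows to 33 bytes
#   LEADZERO: first byte zero                -> mpint shrinks to 31 bytes
NEUTRAL = b"\x40" + b"\x11" * 31
HIGHBIT = b"\x80" + b"\x22" * 31
LEADZERO = b"\x00" + b"\x33" * 31

def count_differing(points) -> int:
    """How many of the given raw values encode differently as string vs mpint."""
    return sum(1 for p in points if encodings_differ(p))

if __name__ == "__main__":
    for name, p in (("NEUTRAL", NEUTRAL), ("HIGHBIT", HIGHBIT), ("LEADZERO", LEADZERO)):
        print(name, "string len", len(ssh_string(p)), "mpint len", len(ssh_mpint(p)),
              "differ" if encodings_differ(p) else "same")
    print("string  H:", hash_fragment(HIGHBIT, NEUTRAL, ssh_string))
    print("mpint   H:", hash_fragment(HIGHBIT, NEUTRAL, ssh_mpint))
```

For a uniformly random 32-byte value read as a big-endian integer, the first byte has its high bit set half the time and is zero one time in 256, so roughly half of all key pairs would produce a different exchange hash under the two conventions; two peers that disagree on the encoding fail the key exchange rather than silently agreeing, which is why the choice had to be settled before wide deployment. (The encoding later standardized for this method, in RFC 8731, sends and hashes the public values as strings and encodes only the shared secret K as an mpint.)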

