[PATCH] curve25519-sha256 at libssh.org key exchange proposal
Markus Friedl
mfriedl at gmail.com
Sat Nov 2 20:07:05 EST 2013
if I understand http://git.libssh.org/projects/libssh.git/commit/?id=4cb6afcbd43ab503d4c3d3054b96a1492605ea8d
correctly, then the shared secret is encoded as a bignum,
probably because the rest of the code assumes it's a bignum
(e.g. for key derivation, etc). however, the DH public keys
are always encoded as strings (both in my patches and
in the libssh.org code).
On 02.11.2013 at 07:57, Markus Friedl <mfriedl at gmail.com> wrote:
> It should be compatible with the original patch. However I think that the shared secret should be encoded as a string, too. What does libssh do?
>
>
>
>> On 02.11.2013 at 05:46, Damien Miller <djm at mindrot.org> wrote:
>>
>>> On Fri, 1 Nov 2013, Markus Friedl wrote:
>>>
>>> Here are three versions (patch against openbsd cvs)
>>>
>>> 1) replace nacl w/libsodium, so i could test
>>> 2) curve25519-donna
>>> 3) Matthew's public domain reference implementation.
>>>
>>> i'd vote for #3
>>
>> Yes, me too.
>>
>> One thing: this patch will be incompatible with Aris' since we calculate
>> the hash over the DH values encoded as strings rather than (as he does)
>> bignums.
>>
>> IMO they should be strings because they aren't ever sent as bignums on
>> the wire, but if the Curve25519 support is widely deployed then it might
>> be too late to change. I don't think the encoding makes any appreciable
>> difference to security - the bignum encoding is unambiguous.
>>
>> -d
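
The string and bignum encodings compared in this thread, as an added example that is not part of the original messages and is not OpenSSH or libssh code. It assumes the RFC 4251 `string` and `mpint` wire encodings, reads the 32-byte secret as a big-endian unsigned integer for the mpint case, uses constructed sample values, and hashes the encoded secret alone rather than the full exchange-hash input; all function names are hypothetical.

```python
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 length followed by the bytes unchanged."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(data: bytes) -> bytes:
    """RFC 4251 'mpint' of the unsigned big-endian integer held in data."""
    body = data.lstrip(b"\x00")      # mpint carries no unnecessary leading zeros
    if body and body[0] & 0x80:      # prepend 0x00 so the value stays non-negative
        body = b"\x00" + body
    return struct.pack(">I", len(body)) + body


def hash_encoded_secret(encoded: bytes) -> str:
    """SHA-256 over the encoded secret only (assumption: rest of hash input omitted)."""
    return hashlib.sha256(encoded).hexdigest()


# Constructed 32-byte sample secrets, not real key material.
SAMPLES = {
    "plain": bytes([0x12]) + bytes(range(1, 32)),
    "high bit set": bytes([0x80]) + bytes(range(1, 32)),
    "leading zero": bytes([0x00, 0x7F]) + bytes(range(2, 32)),
}


def compare(secret: bytes) -> dict:
    """Encode one secret both ways and report where the results diverge."""
    s, m = ssh_string(secret), ssh_mpint(secret)
    return {
        "string_len": len(s) - 4,    # payload length without the uint32 prefix
        "mpint_len": len(m) - 4,
        "same_bytes": s == m,
        "same_hash": hash_encoded_secret(s) == hash_encoded_secret(m),
    }


if __name__ == "__main__":
    for name, secret in SAMPLES.items():
        print(f"{name:13s} {compare(secret)}")
```

Two peers that pick different encodings compute the same hash only for secrets whose first byte is between 0x01 and 0x7f, so an interoperability test needs inputs from all three cases.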