Multiple keys/methods per key exchange (e.g. multi-md5-sha1-md4 at libssh.org) Re: [PATCH] curve25519-sha256 at libssh.org key exchange proposal

Aris Adamantiadis aris at 0xbadc0de.be
Wed Sep 25 15:48:05 EST 2013


On 24/09/13 23:39, Roland Mainz wrote:

> Is it useful to combine multiple hash algorithms/methods for a key exchange?
> 
> The idea would be to use something like "md5" and "sha1" in a key
> exchange (and append the hash sums) ... individually they are
> obsolete and more or less cracked or have serious weaknesses, but if
> the hash sums are combined (e.g. appended... *NOT* XOR'ed !) it would
> be near impossible to exploit the known weaknesses for reasonably
> small data.
Hi,

That doesn't seem a very good idea. It is harmless, but currently we
still have no preimage attack on sha1, which would be needed to perform
such an attack. SHA2 is still very strong and that's what is used with
all ECDH key exchanges. MD5 is used nowhere in SSH (and there's no
preimage attack for it either).
I am myself thinking of using SHA3 in sponge mode for the packet
authentication layer but it's probably overkill. Using existing crypto
correctly (like ETM mode) is probably more efficient.

Aris
