SSH time increased significantly after upgrade to OpenSSH 9.6p1
Damien Miller
djm at mindrot.org
Tue Jul 30 10:28:25 AEST 2024
On Sun, 28 Jul 2024, Darren Tucker wrote:
> OpenSSH 9.0 introduced a quantum resistant hybrid kex method as the
> highest priority method. Quoting
> https://www.openssh.com/releasenotes.html#9.0:
>
> * ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
> exchange method by default ("sntrup761x25519-sha512@openssh.com").
> The NTRU algorithm is believed to resist attacks enabled by future
> quantum computers and is paired with the X25519 ECDH key exchange
> (the previous default) as a backstop against any weaknesses in
> NTRU Prime that may be discovered in the future. The combination
> ensures that the hybrid exchange offers at least as good security
> as the status quo.
>
> This is more expensive than the previous defaults. You can disable
> this if necessary on either the server or client configs, see
> KexAlgorithms in ssh_config(5) and sshd_config(5).
We should look at using an optimised version of NTRUPrime, at the moment
we're just using a generic version that isn't very fast. There's probably
a 3-5x saving to be made...
-d
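
An added example, not part of the post above and not OpenSSH project code: a shell check that reports whether a KexAlgorithms setting leaves the hybrid method preferred, merely offered, or disabled, which is useful for finding hosts where it was switched off as a performance workaround. The function names are hypothetical, and the check assumes the 9.0 default order quoted above, with the hybrid method first.

```shell
#!/bin/sh
# Added example. Assumes the OpenSSH 9.0 default order, where the hybrid
# method quoted above is first in the KexAlgorithms list.
HYBRID='sntrup761x25519-sha512@openssh.com'

# kex_hybrid_status VALUE  (hypothetical helper name)
# Prints: preferred (still first), offered (present, not first), disabled.
kex_hybrid_status() {
    value=$1
    case $value in
        '')   echo preferred; return ;;            # unset: defaults apply
        -*)   op=remove;  list=${value#?} ;;       # remove from defaults
        +*)   op=append;  list=${value#?} ;;       # append to defaults
        '^'*) op=prepend; list=${value#?} ;;       # put ahead of defaults
        *)    op=replace; list=$value ;;           # replace defaults
    esac
    first=''; hit=no
    old_ifs=$IFS; IFS=,
    set -f                                         # no filename globbing
    for entry in $list; do
        [ -n "$first" ] || first=$entry
        if [ "$op" = remove ]; then
            # Removal entries may contain wildcards, e.g. -sntrup*
            case $HYBRID in $entry) hit=yes ;; esac
        elif [ "$entry" = "$HYBRID" ]; then
            hit=yes
        fi
    done
    set +f; IFS=$old_ifs
    case $op:$hit in
        remove:yes|replace:no) echo disabled ;;
        remove:no|append:*)    echo preferred ;;
        *)  # prepend, or replace with the hybrid present: position decides
            if [ "$first" = "$HYBRID" ]; then echo preferred
            else echo offered; fi ;;
    esac
}

# audit_kex_config FILE  (hypothetical helper name)
# Prints "LINE STATUS" for each KexAlgorithms directive in an ssh_config or
# sshd_config file. Keywords are case-insensitive; only the whitespace-
# separated "Keyword value" form is handled, and Include files are not followed.
audit_kex_config() {
    awk 'tolower($1) == "kexalgorithms" { print NR, $2 }' "$1" |
    while read -r n v; do
        echo "$n $(kex_hybrid_status "$v")"
    done
}
```

Source the file and run `audit_kex_config /etc/ssh/sshd_config` (or a client `ssh_config`); a `disabled` result marks a directive to revisit once a faster implementation is available.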