Damien Miller
2013-Nov-02 04:46 UTC
[PATCH] curve25519-sha256@libssh.org key exchange proposal
On Fri, 1 Nov 2013, Markus Friedl wrote:> Here are three versions (patch against openbsd cvs) > > 1) repace nacl w/libsodium, so i could test > 2) curve25519-donna > 3) Matthew's public domain reference implementation. > > i'd vote for #3Yes, me too. One thing: this patch will be incompatible with Aris' since we calculate the hash over the DH values encoded as strings rather than (as he does) bignums. IMO they should be strings because they aren't ever sent as bignums on the wire, but if the Curve25519 support is widely deployed then it might be too late to change. I don't think the encoding makes any appreciable difference to security - the bignum encoding is unambiguous. -d
Markus Friedl
2013-Nov-02 06:57 UTC
[PATCH] curve25519-sha256@libssh.org key exchange proposal
It should be compatible with the original patch. However I think that the shared secret should be encoded as a string, too. What does libssh do?> Am 02.11.2013 um 05:46 schrieb Damien Miller <djm at mindrot.org>: > >> On Fri, 1 Nov 2013, Markus Friedl wrote: >> >> Here are three versions (patch against openbsd cvs) >> >> 1) repace nacl w/libsodium, so i could test >> 2) curve25519-donna >> 3) Matthew's public domain reference implementation. >> >> i'd vote for #3 > > Yes, me too. > > One thing: this patch will be incompatible with Aris' since we calculate > the hash over the DH values encoded as strings rather than (as he does) > bignums. > > IMO they should be strings because they aren't ever sent as bignums on > the wire, but if the Curve25519 support is widely deployed then it might > be too late to change. I don't think the encoding makes any appreciable > difference to security - the bignum encoding is unambiguous. > > -d
Reasonably Related Threads
- [PATCH] curve25519-sha256@libssh.org key exchange proposal
- [PATCH] curve25519-sha256@libssh.org key exchange proposal
- [PATCH] curve25519-sha256@libssh.org key exchange proposal
- [PATCH] curve25519-sha256@libssh.org key exchange proposal
- bad bignum encoding for curve25519-sha256@libssh.org