search for: curve25519

Displaying 20 results from an estimated 130 matches for "curve25519".

2015 Jun 10
7
curve25519
I have developed a compact and at the same time high-performance library for curve25519/ed25519 and I have placed it in the public domain. It supports DH key exchange as well as ed25519 keygen, sign and verify. The implementation is constant-time, supports blinding, bulk-verify and more. The library is available as portable-C as well as ASM for Intel-x64 CPUs. It outperforms curve2551...
2013 Nov 02
3
[PATCH] curve25519-sha256@libssh.org key exchange proposal
...does libssh do? > Am 02.11.2013 um 05:46 schrieb Damien Miller <djm at mindrot.org>: > >> On Fri, 1 Nov 2013, Markus Friedl wrote: >> >> Here are three versions (patch against openbsd cvs) >> >> 1) replace nacl w/libsodium, so i could test >> 2) curve25519-donna >> 3) Matthew's public domain reference implementation. >> >> i'd vote for #3 > > Yes, me too. > > One thing: this patch will be incompatible with Aris' since we calculate > the hash over the DH values encoded as strings rather than (as he does)...
2013 Nov 01
1
[PATCH] curve25519-sha256@libssh.org key exchange proposal
Here are three versions (patch against openbsd cvs) 1) replace nacl w/libsodium, so i could test 2) curve25519-donna 3) Matthew's public domain reference implementation. i'd vote for #3 -------------- next part -------------- Am 30.10.2013 um 07:27 schrieb Damien Miller <djm at mindrot.org>: > On Tue, 24 Sep 2013, Aris Adamantiadis wrote: > >> Dear OpenSSH developers, >...
2013 Nov 02
2
[PATCH] curve25519-sha256@libssh.org key exchange proposal
Am 02.11.2013 um 11:38 schrieb Aris Adamantiadis <aris at 0xbadc0de.be>: > RFC4251 describes mpint to be multi-size and with positive values having > MSB clear, so it's clearly incompatible with raw string. > > Since you both agreed on the curve25519 implementation to use, I'll work > today on Markus' patch to make the changes Damien wanted. What do you want to change in my patch? I use string encoding for the pub keys both on the wire and for the hash. Only the shared secret uses mpint/bignum (for the hash). Should we use mpint...
2014 Apr 20
2
bad bignum encoding for curve25519-sha256@libssh.org
Hi, So I screwed up when writing the support for the curve25519 KEX method that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left leading zero bytes where they should have been skipped. The impact of this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a peer that implements curve25519-sha256 at libssh.org properly about 0.2...
2014 Apr 18
2
[Bug 2232] New: curve25519-sha256@libssh.org Signature Failures When 'ssh' Used with Dropbear, libssh Servers
https://bugzilla.mindrot.org/show_bug.cgi?id=2232 Bug ID: 2232 Summary: curve25519-sha256 at libssh.org Signature Failures When 'ssh' Used with Dropbear, libssh Servers Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5...
2014 Apr 18
3
[Bug 2233] New: curve25519-sha256@libssh.org Signature Failures When 'sshd' Used with Dropbear Clients
https://bugzilla.mindrot.org/show_bug.cgi?id=2233 Bug ID: 2233 Summary: curve25519-sha256 at libssh.org Signature Failures When 'sshd' Used with Dropbear Clients Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5...
2015 Sep 11
3
sshd key exchange security
...ars that most ssh servers, when using DHE key exchange, use the 1024-bit Oakley Group 2 and there is suspicion the NSA has done the pre-computations needed to passively decrypt any tls communication using DHE with that particular prime group. They recommend setting the following: KexAlgorithms curve25519-sha256 at libssh.org I don't even see that directive in my sshd config to set it; I suppose it may be one that is manually added when needed, but I want to verify it actually means something in CentOS 7 ssh. Also I'm a little worried that maybe curve25519 is one of the curves that Red H...
2015 Apr 09
6
[Bug 2376] New: Add compile time option to disable Curve25519
https://bugzilla.mindrot.org/show_bug.cgi?id=2376 Bug ID: 2376 Summary: Add compile time option to disable Curve25519 Product: Portable OpenSSH Version: 6.8p1 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5 Component: Build system Assignee: unassigned-bugs at mindrot.org Reporter:...
2019 Feb 17
3
[PATCH] use ecdh/X25519 from openssl when possible (openssl-1.1.0+)
See attached: (1) patch against 7.9p1, tested with openssl 1.1.0j and openssl 1.1.1a on linux/i386; passes regression test and connects to unpatched sshd without problems; I hacked a bit regress/unittests/kex, and benchmarked do_kex_with_key("curve25519-sha256 at libssh.org", KEY_ED25519, 256); Before: 0.3295s per call After: 0.2183s per call That is, 50% speedup; assuming ed25519 (added to openssl in 1.1.1) takes about the same time as ecdh/x25519, there is potential for a total 200% speedup in KEX. (2) rebased patch against git master; pas...
2013 Nov 02
0
[PATCH] curve25519-sha256@libssh.org key exchange proposal
...02.11.2013 um 05:46 schrieb Damien Miller <djm at mindrot.org>: >> >>> On Fri, 1 Nov 2013, Markus Friedl wrote: >>> >>> Here are three versions (patch against openbsd cvs) >>> >>> 1) replace nacl w/libsodium, so i could test >>> 2) curve25519-donna >>> 3) Matthew's public domain reference implementation. >>> >>> i'd vote for #3 >> >> Yes, me too. >> >> One thing: this patch will be incompatible with Aris' since we calculate >> the hash over the DH values encoded as...
2013 Sep 24
9
[PATCH] curve25519-sha256@libssh.org key exchange proposal
...OpenSSH developers, I've worked this week on an alternative key exchange mechanism, in reaction to the whole NSA leaks and claims over cryptographic backdoors and/or cracking advances. The key exchange is in my opinion the most critical defense against passive eavesdropping attacks. I believe Curve25519 from DJB can give users a secure alternative to classical Diffie-Hellman (with fixed groups or group exchanges) and NIST-approved elliptic curves. Here is the rationale from the small specifications draft I wrote, available on http://tinyurl.com/q22npph : The reason is the following : During summ...
2013 Sep 24
2
Multiple keys/methods per key exchange (e.g. multi-md5-sha1-md4@libssh.org) Re: [PATCH] curve25519-sha256@libssh.org key exchange proposal
...; I've worked this week on an alternative key exchange mechanism, in > reaction to the whole NSA leaks and claims over cryptographic backdoors > and/or cracking advances. The key exchange is in my opinion the most > critical defense against passive eavesdropping attacks. > I believe Curve25519 from DJB can give users a secure alternative to > classical Diffie-Hellman (with fixed groups or group exchanges) and > NIST-approved elliptic curves. [snip] ... that reminds me of an old idea (note: I'm no expert in this stuff... which means the idea may be total nonsense... or not... :...
2023 Jun 30
1
Subsystem sftp invoked even though forced command created
On 30/06/2023 09:56, Damien Miller wrote: > It's very hard to figure out what is happening here without a debug log. > > You can get one by stopping the listening sshd and running it manually > in debug mode, e.g. "/usr/sbin/sshd -ddd" Or starting one in debug mode on a different port, e.g. "-p99 -ddd"
2024 Jan 26
1
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
On 25.01.24 14:09, Kaushal Shriyan wrote: > I am running the below servers on Red Hat Enterprise Linux release 8.7 > How do I enable strong KexAlgorithms, Ciphers and MACs On RHEL 8, you need to be aware that there are "crypto policies" modifying sshd's behaviour, and it would likely be the *preferred* method to inject your intended config changes *there* (unless they
2015 May 23
2
Weak DH primes and openssh
> Can this be addressed in ssh_config/sshd_config with the KexAlgorithms setting? weakdh.org/sysadmin.html recommends adding: KexAlgorithms curve25519-sha256 at libssh.org But this thread makes it sound as if it's not necessary. Can anyone confirm? Personally I'm on openssh-6.7. - Grant > You will be aware of https://weakdh.org/ by now, I presume; the take-home seems to be that 1024-bit DH primes might well be too weak. > I...
2024 Jan 27
2
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
...argument transfers (cve) CVE-2019-16905 -- (CVSSv2: 7.8) memory corruption and local code execution via pre-authentication integer overflow (cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response # key exchange algorithms (kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76 (kex) curve25519-sha256 -- [info] default key exchange since OpenSSH 6.4 (kex) curve25519-sha256 at libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62 (kex) curve2...
2016 Oct 19
4
SSH Weak Ciphers
...html). > > Regards, > Leonard. > For web servers, ECDSA certs are currently a concern because the only curves with popular support across browsers have parameters that were chosen for undocumented reasons. That doesn't mean they are vulnerable, but there is a question. OpenSSH uses Curve25519 for ECDSA, which has documented reasons for the parameters chosen and is thus far less likely to be nefariously chosen. At least that's my understanding of the situation, which could be flawed.
2019 Feb 15
2
Can we disable diffie-hellman-group-exchange-sha1 by default?
I referred to the fact that there is no value for 4096-bit groups at all. For higher strengths than 128 bits one should probably not use non-EC crypto at all, as the document suggests. On Fri, Feb 15, 2019 at 9:19 AM Darren Tucker <dtucker at dtucker.net> wrote: > > On Fri, 15 Feb 2019 at 16:45, Yegor Ievlev <koops1997 at gmail.com> wrote: > > That doesn't seem to be
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
...H* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to {REDACTED}:22 as 'ryantm' debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ecdsa-sh...