search for: ntru

On Sun, 28 Jul 2024, Darren Tucker wrote: > OpenSSH 9.0 introduced a quantum resistant hybrid kex method as the > highest priority method. Quoting > https://www.openssh.com/releasenotes.html#9.0: > > * ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key > exchange method by default ("sntrup761x25519-sha512 at openssh.com"). > The NTRU algorithm is believed to resist attacks enabled by future > quantum computers and is paired with the X25519 ECDH key exchange > (the previous default) as a backsto...

.... I see the most of the increase > is here in receiving 'SSH2_MSG_KEX_ECDH_INIT received'. There is > increase of about 336221 - 150435 = ~185 msec. Here's the reason: > //OpenSSH 9.6p1 logs > Jul 23 17:42:50.150288 ifav87-apic2 sshd[1090464]: debug1: kex: > algorithm: sntrup761x25519-sha512 at openssh.com [preauth] > //OpenSSH 8.6p1 > Jul 23 17:32:24.932126 apic2 sshd[342983]: debug1: kex: algorithm: > curve25519-sha256 [preauth] OpenSSH 9.0 introduced a quantum resistant hybrid kex method as the highest priority method. Quoting https://www.openssh.com/rel...

...list_hostkey_types: ssh-rsa [preauth] Jul 23 17:42:50.150134 ifav87-apic2 sshd[1090464]: debug1: SSH2_MSG_KEXINIT sent [preauth] Jul 23 17:42:50.150251 ifav87-apic2 sshd[1090464]: debug1: SSH2_MSG_KEXINIT received [preauth] Jul 23 17:42:50.150288 ifav87-apic2 sshd[1090464]: debug1: kex: algorithm: sntrup761x25519-sha512 at openssh.com [preauth] Jul 23 17:42:50.150323 ifav87-apic2 sshd[1090464]: debug1: kex: host key algorithm: ssh-rsa [preauth] Jul 23 17:42:50.150363 ifav87-apic2 sshd[1090464]: debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth] Jul 23 17:4...

...ease is focused on new features and internal refactoring. New Features ------------ * ssh(1), ssh-agent(1), ssh-add(1): Add support for ECDSA keys in PKCS#11 tokens. * ssh(1), sshd(8): Add experimental quantum-computing resistant key exchange method, based on a combination of Streamlined NTRU Prime 4591^761 and X25519. * ssh-keygen(1): Increase the default RSA key size to 3072 bits, following NIST Special Publication 800-57's guidance for a 128-bit equivalent symmetric security level. * ssh(1): Allow "PKCS11Provider=none" to override later instances of the...

...ease is focused on new features and internal refactoring. New Features ------------ * ssh(1), ssh-agent(1), ssh-add(1): Add support for ECDSA keys in PKCS#11 tokens. * ssh(1), sshd(8): Add experimental quantum-computing resistant key exchange method, based on a combination of Streamlined NTRU Prime 4591^761 and X25519. * ssh-keygen(1): Increase the default RSA key size to 3072 bits, following NIST Special Publication 800-57's guidance for a 128-bit equivalent symmetric security level. * ssh(1): Allow "PKCS11Provide=none" to override later instances of the P...