Displaying 5 results from an estimated 5 matches for "ntru".
Did you mean:
ntnu
2024 Jul 30
1
SSH time increased significantly after upgrade to OpenSSH 9.6p1
On Sun, 28 Jul 2024, Darren Tucker wrote:
> OpenSSH 9.0 introduced a quantum resistant hybrid kex method as the
> highest priority method. Quoting
> https://www.openssh.com/releasenotes.html#9.0:
>
> * ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
> exchange method by default ("sntrup761x25519-sha512 at openssh.com").
> The NTRU algorithm is believed to resist attacks enabled by future
> quantum computers and is paired with the X25519 ECDH key exchange
> (the previous default) as a backsto...
2024 Jul 28
1
SSH time increased significantly after upgrade to OpenSSH 9.6p1
.... I see the most of the increase
> is here in receiving 'SSH2_MSG_KEX_ECDH_INIT received'. There is
> increase of about 336221 - 150435 = ~185 msec.
Here's the reason:
> //OpenSSH 9.6p1 logs
> Jul 23 17:42:50.150288 ifav87-apic2 sshd[1090464]: debug1: kex:
> algorithm: sntrup761x25519-sha512 at openssh.com [preauth]
> //OpenSSH 8.6p1
> Jul 23 17:32:24.932126 apic2 sshd[342983]: debug1: kex: algorithm:
> curve25519-sha256 [preauth]
OpenSSH 9.0 introduced a quantum resistant hybrid kex method as the
highest priority method. Quoting
https://www.openssh.com/rel...
2024 Jul 28
1
SSH time increased significantly after upgrade to OpenSSH 9.6p1
...list_hostkey_types: ssh-rsa [preauth]
Jul 23 17:42:50.150134 ifav87-apic2 sshd[1090464]: debug1:
SSH2_MSG_KEXINIT sent [preauth]
Jul 23 17:42:50.150251 ifav87-apic2 sshd[1090464]: debug1:
SSH2_MSG_KEXINIT received [preauth]
Jul 23 17:42:50.150288 ifav87-apic2 sshd[1090464]: debug1: kex:
algorithm: sntrup761x25519-sha512 at openssh.com [preauth]
Jul 23 17:42:50.150323 ifav87-apic2 sshd[1090464]: debug1: kex: host
key algorithm: ssh-rsa [preauth]
Jul 23 17:42:50.150363 ifav87-apic2 sshd[1090464]: debug1: kex:
client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
[preauth]
Jul 23 17:4...
2019 Apr 18
0
Announce: OpenSSH 8.0 released
...ease is focused on new features and internal refactoring.
New Features
------------
* ssh(1), ssh-agent(1), ssh-add(1): Add support for ECDSA keys in
PKCS#11 tokens.
* ssh(1), sshd(8): Add experimental quantum-computing resistant
key exchange method, based on a combination of Streamlined NTRU
Prime 4591^761 and X25519.
* ssh-keygen(1): Increase the default RSA key size to 3072 bits,
following NIST Special Publication 800-57's guidance for a
128-bit equivalent symmetric security level.
* ssh(1): Allow "PKCS11Provider=none" to override later instances of
the...
2019 Mar 27
26
Call for testing: OpenSSH 8.0
...ease is focused on new features and internal refactoring.
New Features
------------
* ssh(1), ssh-agent(1), ssh-add(1): Add support for ECDSA keys in
PKCS#11 tokens.
* ssh(1), sshd(8): Add experimental quantum-computing resistant
key exchange method, based on a combination of Streamlined NTRU
Prime 4591^761 and X25519.
* ssh-keygen(1): Increase the default RSA key size to 3072 bits,
following NIST Special Publication 800-57's guidance for a
128-bit equivalent symmetric security level.
* ssh(1): Allow "PKCS11Provide=none" to override later instances of
the P...