search for: rfc7748

Hi all, I'm interested in having X448 protocol available as an option, as it gives a larger security margin over X25519. For anyone unfamiliar, it is an Diffie-Hellman elliptic curve key exchange using Curve448 (defined in RFC7748: https://tools.ietf.org/html/rfc7748). Furthermore, it is included in the new TLS 1.3 specification (RFC8846: https://tools.ietf.org/html/rfc8446). A few questions: 1. What has been OpenSSH's involvement in this related IETF draft, if any?: https://tools.ietf.org/id/draft-ietf-c...

On 09/13/2018 08:18 PM, Damien Miller wrote: > We have any plans to add more crypto options to OpenSSH without a strong > justification, and I don't see one for X448-SHA512 ATM. What I like about it is that it offers ~224 bit security level, whereas X25519 offers ~128 bits (according to RFC7748). Hence, pairing X448 with AES256 would provide a full chain of security in the ~224 bit level, no? It also provides an alternative to the NIST P-curves (like P-521), which some people suspect are back-doored by the NSA. P-521 in ECDSA has been supported by OpenSSH for awhile now. > It&...