Displaying 7 results from an estimated 7 matches for "safecurves".
2018 May 25
5
Strange crypto choices
...m,
ecdsa-sha2-nistp384-cert-v01 at openssh.com,
ecdsa-sha2-nistp521-cert-v01 at openssh.com,
ssh-ed25519-cert-v01 at openssh.com,
ssh-rsa-cert-v01 at openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-ed25519,ssh-rsa
Why does OpenSSH prefer older and less secure
(https://safecurves.cr.yp.to/) ECDSA with NIST curves over Ed25519?
Also why are smaller key, curve and hash sizes preferred over bigger
ones?
The default ciphers are:
chacha20-poly1305 at openssh.com,
aes128-ctr,aes192-ctr,aes256-ctr,
aes128-gcm at openssh.com,aes256-gcm at openssh.com
Why is CTR mode preferred o...
2018 May 27
2
Strange crypto choices
On Sat, 26 May 2018, Christian Weisgerber wrote:
> On 2018-05-25, Yegor Ievlev <koops1997 at gmail.com> wrote:
>
> > The defaults for HostKeyAlgorithms option are: [...]
> > Why does OpenSSH prefer older and less secure
> > (https://safecurves.cr.yp.to/) ECDSA with NIST curves over Ed25519?
>
> I asked Markus and Damien about this in the past but honestly don't
> remember the answer. Some of the potential reasons (lack of
> standardization, no DNS fingerprint, ...) seem to no longer apply.
> I've been wanting to...
2019 Feb 15
2
Can we disable diffie-hellman-group-exchange-sha1 by default?
I referred to the fact that there is no value for 4096-bit groups at
all. For higher strengths than 128 bits one should probably not use
non-EC crypto at all, as the document suggests.
On Fri, Feb 15, 2019 at 9:19 AM Darren Tucker <dtucker at dtucker.net> wrote:
>
> On Fri, 15 Feb 2019 at 16:45, Yegor Ievlev <koops1997 at gmail.com> wrote:
> > That doesn't seem to be
2018 May 27
2
Strange crypto choices
...8, Christian Weisgerber wrote:
> >
> >> On 2018-05-25, Yegor Ievlev <koops1997 at gmail.com> wrote:
> >>
> >> > The defaults for HostKeyAlgorithms option are: [...]
> >> > Why does OpenSSH prefer older and less secure
> >> > (https://safecurves.cr.yp.to/) ECDSA with NIST curves over Ed25519?
> >>
> >> I asked Markus and Damien about this in the past but honestly don't
> >> remember the answer. Some of the potential reasons (lack of
> >> standardization, no DNS fingerprint, ...) seem to no longer ap...
2017 Sep 21
5
DH Group Exchange Fallback
Hi,
I'm interested in requiring a minimum of 3072-bit DH moduli when
using the "diffie-hellman-group-exchange-sha256" kex, so I edited my
/etc/ssh/moduli file such that only 3071+ moduli are left. However,
when clients ask for a max of 2048-bit moduli, they actually get one
(!). I poked around and found that a fallback mechanism exists
(dh.c:185), which returns back the
2013 Sep 14
4
Elliptic curves in tinc
In the past 24 hours multiple persons have contacted me regarding the use of
elliptic curve cryptography in tinc 1.1 in light of the suspicion that the NSA
might have weakened algorithms and/or elliptic curves published by NIST.
The new protocol in tinc 1.1 (SPTPS) uses ECDH and ECDSA to do session key
exchange and authentication, in such a way that it has the perfect forward
secrecy (PFS)
2013 Sep 14
4
Elliptic curves in tinc
In the past 24 hours multiple persons have contacted me regarding the use of
elliptic curve cryptography in tinc 1.1 in light of the suspicion that the NSA
might have weakened algorithms and/or elliptic curves published by NIST.
The new protocol in tinc 1.1 (SPTPS) uses ECDH and ECDSA to do session key
exchange and authentication, in such a way that it has the perfect forward
secrecy (PFS)