search for: tinyssh

There were a few notes in this thread that may indicate open areas for development. I forward merely as FYI. http://www.metzdowd.com/pipermail/cryptography/2015-January/024231.html ---------- Forwarded message ---------- From: Peter Gutmann <pgut001 at cs.auckland.ac.nz> Date: Sun, Jan 4, 2015 at 9:29 PM Subject: Re: [Cryptography] Why aren?t we using SSH for everything? To: calestyo at

...ndrot.org Subject: Re: Fwd: [Cryptography] Why aren?t we using SSH for everything? All our protocol extensions are documented in PROTOCOL.* in our source. Other open-source implementations have adopted some of our extensions (e.g. OpenSSH certificates in Go's x/crypto/ssh, chacha20-poly1305 in tinyssh) and we have adopted extensions from other open-source implementations (e.g. curve25519-sha256 at libssh.org). I've kinda given up trying to write things up for the IETF. It's dominated by commerical vendors and people with more inclination to argue on mailing lists than write good softwar...

...t itself. * All: wait for file descriptors to be readable or writeable during non-blocking connect, not just readable. Prevents a timeout when the server doesn't immediately send a banner (e.g. multiplexers like sslh) * sshd_config(5): document the sntrup4591761x25519-sha512 at tinyssh.org key exchange algorithm. PR#151 Portability ----------- * sshd(8): multiple adjustments to the Linux seccomp sandbox: - Non-fatally deny IPC syscalls in sandbox - Allow clock_gettime64() in sandbox (MIPS / glibc >= 2.31) - Allow clock_nanosleep_time64 in sandbox (ARM) bz3100...

...t itself. * All: wait for file descriptors to be readable or writeable during non-blocking connect, not just readable. Prevents a timeout when the server doesn't immediately send a banner (e.g. multiplexers like sslh) * sshd_config(5): document the sntrup4591761x25519-sha512 at tinyssh.org key exchange algorithm. PR#151 Portability ----------- * sshd(8): multiple adjustments to the Linux seccomp sandbox: - Non-fatally deny IPC syscalls in sandbox - Allow clock_gettime64() in sandbox (MIPS / glibc >= 2.31) - Allow clock_nanosleep_time64 in sandbox (ARM) bz3100...

...t itself. * All: wait for file descriptors to be readable or writeable during non-blocking connect, not just readable. Prevents a timeout when the server doesn't immediately send a banner (e.g. multiplexers like sslh) * sshd_config(5): document the sntrup4591761x25519-sha512 at tinyssh.org key exchange algorithm. PR#151 Portability ----------- * sshd(8): multiple adjustments to the Linux seccomp sandbox: - Non-fatally deny IPC syscalls in sandbox - Allow clock_gettime64() in sandbox (MIPS / glibc >= 2.31) - Allow clock_nanosleep_time64 in sandbox (ARM) bz3100...

...t itself. * All: wait for file descriptors to be readable or writeable during non-blocking connect, not just readable. Prevents a timeout when the server doesn't immediately send a banner (e.g. multiplexers like sslh) * sshd_config(5): document the sntrup4591761x25519-sha512 at tinyssh.org key exchange algorithm. PR#151 Portability ----------- * sshd(8): multiple adjustments to the Linux seccomp sandbox: - Non-fatally deny IPC syscalls in sandbox - Allow clock_gettime64() in sandbox (MIPS / glibc >= 2.31) - Allow clock_nanosleep_time64 in sandbox (ARM) bz3100...