similar to: [Bug 3475] New: ED25519 signature verification nondeterministic spurious failure

https://bugzilla.mindrot.org/show_bug.cgi?id=3629 Bug ID: 3629 Summary: Building with Clang-17 fails due to -fzero-call-used-regs Product: Portable OpenSSH Version: 9.5p1 Hardware: amd64 OS: Mac OS X Status: NEW Severity: critical Priority: P5 Component: Build system

https://bugzilla.mindrot.org/show_bug.cgi?id=3628 Bug ID: 3628 Summary: tracking bug for openssh-9.6 Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Keywords: meta Severity: enhancement Priority: P5 Component: Miscellaneous Assignee:

Hello, Is it possible to sign/verify data with the ed25519 keys of a tinc 1.1 host? More specifically, is it possible to sign a file with these keys using openssl? If so, how? If not, what program could be used, and how? Thanks and cheers, @

https://bugzilla.mindrot.org/show_bug.cgi?id=3195 Bug ID: 3195 Summary: ssh-keygen unable to convert ED25519 public keys Product: Portable OpenSSH Version: 8.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee:

Hi, Markus has just committed a few changes that add support for the Ed25519 signature algorithm[1] as a new private key type. This algorithm has a few benefits: it is fast (comparable to ECDSA and RSA), offers 256-bit security and doesn't require random numbers to generate a signature. This last property means it completely avoids (EC-)DSA's horrible, private-key leaking problem when fed

What I'm hearing in this thread is: "a minority of people on planet Earth have a problem with the open-source implementation of ED25519, but instead of letting that minority choose to re-implement it when/if they want to, the rest of the community needs to stall their progress in improving security." And isn't the ED25519 code is already there on their machine? So isn't

Hello. Subramanian Moonesamy has gotten the ball rolling to include Ed25519 in IANA's registry for SSHFP key types [1]. I've opened a bug report [2] that includes a patch that adds the needed support code and provisionally assigns Ed25519 a value of 4 (values 1,2,3 reserved for RSA, DSA, and ECDA, respectively) [3]. The enhancement request/bug is meant to keep the issue on the radar.

Dear all, Ed25519 public keys being as small as they are is very convenient. There is an opportunity to nudge the world towards modern algorithms. I believe choices made in OpenSSH can positively impact the wider eco-system and industry. I'd like to suggest ssh-keygen to generate an Ed25519 keypair, if invoked without any arguments. OpenSSH has supported Ed25519 since version 6.5 (January

https://bugzilla.mindrot.org/show_bug.cgi?id=3202 Bug ID: 3202 Summary: Ed25519 key on HSM is not getting listed in ssh-add -l command Product: Portable OpenSSH Version: 8.2p1 Hardware: ARM64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-add

https://bugzilla.mindrot.org/show_bug.cgi?id=2197 Bug ID: 2197 Summary: Add ED25519 support to SSHFP dns record Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

Hello. I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host keys. My /etc/ssh/ssh_known_hosts file contains the server's ssh-ed25519 host key. When I try to SSH to the server I get this error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

https://bugzilla.mindrot.org/show_bug.cgi?id=2695 Bug ID: 2695 Summary: inconsistent outout of "ssh.add -l" between ed25519 and rsa keys Product: Portable OpenSSH Version: 7.3p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=2223 Bug ID: 2223 Summary: Ed25519 support in SSHFP DNS resource records Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

On 9/4/23 16:43, Joseph S. Testa II wrote: > I very often see IT personnel and developers simply use the default > options for ssh-keygen. They just don't care/don't know to care. > Switching the default to ED25519 would bring the equivalent security > up from 112-bits to 128-bits (as 2048-bit RSA is equivalent to 112-bits > of symmetric strength), which would be a nice

Here you go: OpenSSH_7.9p1, OpenSSL 1.1.1d 10 Sep 2019 debug1: Reading configuration data /home/ryantm/.ssh/config debug1: /home/ryantm/.ssh/config line 4: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 13: Applying options for * debug2: resolving "{REDACTED}" port 22 debug2: ssh_connect_direct debug1: Connecting to

Hi All, I finally got around to trying to test the 7.7p1 release on the HPE NonStop Platform. 7.6p1 worked just fine - no issues at all. In 7.7p1, when the agent test ran, the following happened (prior tests worked perfectly): run test agent.sh ... Couldn't open logfile /home/git/openssh-portable/regress/ssh.log: Permission denied agent fwd failed (exit code 1) failed simple agent test

I think it might be. I’m attaching a preprocessed file that can show the problem. Compile it with ToT. $ clang++ -g -fvisibility-inlines-hidden -fno-exceptions -fno-rtti -fno-common -Woverloaded-virtual -Wcast-qual -fno-strict-aliasing -m64 -pedantic -Wno-long-long -Wall -W -Wno-unused-parameter -Wwrite-strings -Wcovered-switch-default -Wno-uninitialized -Wno-missing-field-initializers -c

I think that debug info is slowing a self-hosting build down. This build has been going for ages now and shows no sign of quitting. To reproduce, build a Release+Asserts build of clang. Then use that to build a Debug+Asserts version. Include all of the bells and whistles, like the clang-extras and compiler-rt libraries. The reason I suspect debug info is because of this stack trace: [morbo:llvm]

Hi Bill Is this a recent regression? I recently changed the debug info verifier to fix a bug. Thanks, Manman > On Nov 17, 2013, at 5:52 PM, Bill Wendling <isanbard at gmail.com> wrote: > > I think that debug info is slowing a self-hosting build down. This build has been going for ages now and shows no sign of quitting. To reproduce, build a Release+Asserts build of clang. Then

Hi Bill, Thanks for the testing case. Most of the time is spent on debug info verifier. I fixed a bug in r194974, now it takes too long to run debug info verification. Debug info verifier is part of the verifier which is a Function Pass. Tot currently tries to pull all reachable debug info MDNodes in each function, which is too time-consuming. The correct fix seems to be separating debug info