mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ancoron Luciferis (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SSHD-440) Support curve25519-sha256 for KEX and Ed25519 keys
Date Wed, 01 Apr 2015 14:29:53 GMT

    [ https://issues.apache.org/jira/browse/SSHD-440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14390611#comment-14390611
] 

Ancoron Luciferis commented on SSHD-440:
----------------------------------------

Yes, but please note that RFC5656 is pretty old and due to recent activities in the security
domain pretty much everything has changed especially in regards to the security of elliptic
curves and also the OpenSSH project actually prefers Curve25519 with SHA2 since the end of
2013.

Furthermore, it is not derived from the "standard" NIST curves because of security concerns:
https://www.libssh.org/2013/11/03/openssh-introduces-curve25519-sha256libssh-org-key-exchange/

But in the end I am just a user that is concerned about the potential backdoors by which my
communication may be decrypted or open to a MITM attacks amongst others. As such (and in addition
to me being a european citizen and not one that has to adhere to USA laws), I'd like to have
non-NIST cryptography options working. :)

> Support curve25519-sha256 for KEX and Ed25519 keys
> --------------------------------------------------
>
>                 Key: SSHD-440
>                 URL: https://issues.apache.org/jira/browse/SSHD-440
>             Project: MINA SSHD
>          Issue Type: New Feature
>    Affects Versions: 0.14.0
>            Reporter: Ancoron Luciferis
>
> As an administrator of a production system running with Apache Karaf I want to secure
the system as much as possible.
> Based on the following article I would like to use the "curve25519-sha256" key exchange
mechanism and Ed25519 keys for the SSH server and client:
> * https://stribika.github.io/2015/01/04/secure-secure-shell.html
> \\
> The probably most stable implementation in pure Java is currently residing in I2P:
> * https://github.com/i2p/i2p.i2p/tree/master/core/java/src/net/i2p/crypto/eddsa
> \\
> ...although it seems to have originated at the following standalone library:
> * https://github.com/str4d/ed25519-java



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message