Support for ecdsa certs

Ed W lists at wildgooses.com
Tue Aug 30 20:35:26 WST 2011


Hi

> Sorry for the delayed reply. I had a very brief look at it.
> The actual SSH protocol parts probably aren't too hard to
> implement, just some similar bits to the existing code in
> *kex.c and dsa.c.  However I don't know how good
> libtomcrypt and libtommath's ECC support is, so possibly
> that could be a problem. 

Thanks for considering this, I notice that libtomcrypt *claims* to
support ECC, so there at least seems some hope? Is there any
straightforward way to emulate the code for a key exchange to see if it
breaks?

Just for reference, the end goal is that you can get quite a dramatic
decrease in bandwidth used, with a few tweaks to the SSH config.  If you
sniff the exchange (which I'm sure you are very familiar with), then
openssh spends most of its startup bandwidth on sending a huge list of
key exchange/mac/encryption options. By artificially limiting these to a
subset that work with all my systems I can quite dramatically cut the
bandwidth at connection (those reading at home, please try it, quite
instructive).  The trick is getting all the systems to support a
reasonable subset of algorithms ...

Obviously many folks don't care, but I am increasingly finding myself
using cellular networks, then an extra couple of KB per connection,
multiply up by so many connections a day and you are quickly into
sensible bandwidth.  Some of my systems are on satellite, where
bandwidth has quite some cost.

At the moment I'm running some test openssh system with the following
config:

    MACs umac-64@openssh.com,hmac-sha1,hmac-md5
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128
    KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

I'm interested in comments/critique, but I would desire to reduce the
KexAlgorithms further, ideally just the ecdh and the (mandatory?) dh
option.  Also the certs are somewhat smaller themselves with ecdsa. End
result seems distinctly more snappy (I guess you can fit in the tcp slow
start window?)


Thanks for listening!

Ed W
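
Added example, not part of the original message and not Dropbear or OpenSSH code: building the SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) from the lists in the configuration above shows how many bytes each algorithm list costs per connection. The host key list, the compression list and the trimmed KexAlgorithms list are assumptions made for the illustration.

```python
import struct

SSH_MSG_KEXINIT = 20  # message number from RFC 4253

def name_list(names):
    """RFC 4251 name-list: uint32 length, then comma-separated ASCII names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

def kexinit_payload(kex, hostkey, ciphers, macs, compression=("none",)):
    """Build a KEXINIT payload; ciphers, MACs and compression apply in both directions."""
    lists = [kex, hostkey, ciphers, ciphers, macs, macs,
             compression, compression, (), ()]  # last two: languages (empty)
    cookie = bytes(16)  # random in a real exchange; zeros give the same size
    body = b"".join(name_list(entry) for entry in lists)
    # Trailing fields: first_kex_packet_follows (boolean) and a reserved uint32.
    return bytes([SSH_MSG_KEXINIT]) + cookie + body + b"\x00" + struct.pack(">I", 0)

def parse_name_lists(payload):
    """Recover the ten name-lists from a payload, rejecting truncated input."""
    off, out = 17, []  # skip the message byte and the 16-byte cookie
    for _ in range(10):
        if off + 4 > len(payload):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated name-list")
        out.append(payload[off:off + n].decode("ascii").split(",") if n else [])
        off += n
    return out

# Lists taken from the configuration in the message.
MACS = ["umac-64@openssh.com", "hmac-sha1", "hmac-md5"]
CIPHERS = ["aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256", "arcfour128"]
KEX_POSTED = ["ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
              "diffie-hellman-group-exchange-sha256",
              "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"]
# Assumptions: a single ECDSA host key type, and a trimmed kex list that keeps
# the ecdh entries plus one dh entry, as the message says it would like.
HOSTKEY = ["ecdsa-sha2-nistp256"]
KEX_REDUCED = KEX_POSTED[:3] + ["diffie-hellman-group1-sha1"]

if __name__ == "__main__":
    for label, kex in (("posted", KEX_POSTED), ("reduced", KEX_REDUCED)):
        size = len(kexinit_payload(kex, HOSTKEY, CIPHERS, MACS))
        print(f"{label:8s} KEXINIT payload: {size} bytes")
```

Each side sends its own KEXINIT, and the binary packet layer adds a length field and padding on top of the payload size measured here.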

