ED25519 key support?
Mike Frysinger
vapier at gentoo.org
Wed Jun 29 06:50:54 AWST 2016
On 26 Jun 2016 13:13, Stephen Kent wrote:
> 1) Feature parity with OpenSSH, which has supported ED25519 user and
> host keys since version 6.5.
even more importantly, recent openssh versions can be built w/out openssl
entirely. this makes the result smaller and easier to reason about from
a security pov. the downside is that only ED25519 is supported.
> 2) I'm not a security expert, but there's some discussion suggesting
> that ECDSA may be compromised or vulnerable to attack by the NSA. See
> this page and the linked pages:
> https://stribika.github.io/2015/01/04/secure-secure-shell.html
> It may be desirable for some people to allow the use of ED25519 keys
> instead.
much of the concern around ECC w/the NSA was centered on the specific
constants selected in the NIST recommendations. and Dual_EC_DRBG
which everyone has dropped now.
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20160628/48e8071d/attachment.sig
More information about the Dropbear
mailing list