Hi Rene,
At 09:05 01-05-2014, Rene Struik wrote:
Ed25519 somewhat). Tweaking Ed25519 could be done as follows: for
ephemeral private keys one can simply use SHA-256 as the hash function
(since the curve has a number of elements very close to a power of two,
biases are close to zero, so Bleichenbacher-style attacks do not apply);
instead of using SHA-512(k), use SHA-256(k,0) || SHA-256(k,1). The use of
hash functions for generation of ephemeral and static private keys does
not influence interoperability; only the choice of hash function for the
Schnorr-style signing equation does, since it affects the signature
component s.
I am following up on the above. I discussed the above with OpenSSH
people. The feature was introduced in January (see
http://www.openssh.com/txt/release-6.5 ). A significant
consideration is that the proposed change will create an
incompatibility with what has already been deployed [1][2].
Regards,
S. Moonesamy
1. https://launchpad.net/ubuntu/+source/openssh/1:6.5p1-1
2. http://docs.freebsd.org/cgi/getmsg.cgi?fetch=2522509+0+/usr/local/www/db/text/2014/svn-ports-all/20140209.svn-ports-all