Re: No point compression in SSH2_MSG_KEX_ECDH_INIT

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 1/02/17 12:37, Damien Miller wrote:
> On Tue, 31 Jan 2017, JCA wrote:
>
>> I have noticed that the EC public key sent in the SSH2_MSG_KEX_ECDH_INIT
>> message is sent without point compression. Are there any plans to use point
>> compression eventually? I imagine that, in part, you guys are not yet
>> implementing it for patent reasons, right?
> I'm not aware of any plans for implementing point compression and I
> don't plan on adding it myself. Motivation for not including it was
> as much keeping the pre-auth code as simple as possible as anything
> else.
When I implemented ecdsa and ecdh in libssh I couldn't even find the
code relevant to point compression in OpenSSL, because it does not
exist. Apparently solving a second order equation in GFp is patented.
Curve25519 and ed25519 don't have that problem, because they don't need
point compression.

Aris

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux