Re: X448 Key Exchange

On Thu, 13 Sep 2018, Joseph S. Testa II wrote:

> Hi all,
> 
>    I'm interested in having X448 protocol available as an option, as it gives
> a larger security margin over X25519.  For anyone unfamiliar, it is a
> Diffie-Hellman elliptic curve key exchange using Curve448 (defined in RFC7748:
> https://tools.ietf.org/html/rfc7748).  Furthermore, it is included in the new
> TLS 1.3 specification (RFC8846: https://tools.ietf.org/html/rfc8446).
> 
>    A few questions:
> 
>      1. What has been OpenSSH's involvement in this related IETF draft, if
> any?: https://tools.ietf.org/id/draft-ietf-curdle-ssh-curves-08.html
> 
>      2. Has there been any (even informal) plans for including X448?
> 
>      3. Has anyone begun an implementation yet?

We don't have any plans to add more crypto options to OpenSSH without a strong
justification, and I don't see one for X448-SHA512 ATM.

It's hard to imagine a world where X25519-SHA256 is broken but
X448-SHA512 is unaffected. AFAIK the most likely ways that X25519-SHA256
could fail are:

1) discovery of weaknesses in prime field EC crypto. This would almost
certainly affect both X25519/X448.

2) working quantum computers. Exciting times, everything breaks.

3) a weakness in SHA256. Online key agreement protocols like SSH KEX are
the last thing affected by collisions, because the attacker has such a
limited window in which to generate one and limited degrees of freedom
to manipulate the colliding data.

Personally, I'm more interested in a post-quantum KEX than another of the
same species...

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
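The X448 exchange the thread is discussing, as an added example that is not code from the thread or from OpenSSH: a pure-Python RFC 7748 implementation with the scalar clamping, the Montgomery ladder and the all-zero-output check, run over the RFC's section 6.2 sample private keys. The function names (`decode_scalar448`, `x448`, `shared_secret`) are the example's own.

```python
# Pure-Python X448 from RFC 7748: scalar clamping, Montgomery ladder, and the
# all-zero-output check the RFC recommends. Python ints are not constant-time,
# so this is for understanding the exchange, not for use in a real KEX.

P = 2**448 - 2**224 - 1                  # Curve448 field prime
A24 = 39081                              # (A - 2) / 4 with A = 156326
BASEPOINT = (5).to_bytes(56, "little")   # u = 5, little-endian, 56 bytes

def decode_scalar448(k: bytes) -> int:
    # Clamp: clear the 2 low bits (cofactor 4) and set bit 447.
    k = bytearray(k)
    k[0] &= 252
    k[55] |= 128
    return int.from_bytes(k, "little")

def x448(k: bytes, u: bytes) -> bytes:
    # Multiply the u-coordinate by the clamped scalar with the RFC 7748 ladder.
    n = decode_scalar448(k)
    x1 = int.from_bytes(u, "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(447, -1, -1):
        kt = (n >> t) & 1
        swap ^= kt
        if swap:                         # conditional swap (not constant-time)
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(56, "little")

def shared_secret(own_priv: bytes, peer_pub: bytes) -> bytes:
    # A low-order peer point (e.g. u = 0) yields all zeros; reject it.
    k = x448(own_priv, peer_pub)
    if k == bytes(56):
        raise ValueError("low-order peer public key, shared secret is all zero")
    return k

# RFC 7748 section 6.2 private keys, used here as sample input.
ALICE_PRIV = bytes.fromhex("9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28d"
                           "d9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b")
BOB_PRIV = bytes.fromhex("1c306a7ac2a0e2e0990b294470cba339e6453772b075811d8fad0d1d"
                         "6927c120bb5ee8972b0d3e21374c9c921b09d1b0366f10b65173992d")
```

Each side publishes `x448(priv, BASEPOINT)` and calls `shared_secret` on the peer's value; both arrive at the same 56-byte K, which in SSH would then be hashed into the exchange hash.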