On Sun, 28 Jul 2024, Darren Tucker wrote: > OpenSSH 9.0 introduced a quantum resistant hybrid kex method as the > highest priority method. Quoting > https://www.openssh.com/releasenotes.html#9.0: > > * ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key > exchange method by default ("sntrup761x25519-sha512@xxxxxxxxxxx"). > The NTRU algorithm is believed to resist attacks enabled by future > quantum computers and is paired with the X25519 ECDH key exchange > (the previous default) as a backstop against any weaknesses in > NTRU Prime that may be discovered in the future. The combination > ensures that the hybrid exchange offers at least as good security > as the status quo. > > This is more expensive than the previous defaults. You can disable > this if necessary on either the server or client configs, see > KexAlgorithms in ssh_config(5) and sshd_config(5). We should look at using an optimised version of NTRUPrime, at the moment we're just using a generic version that isn't very fast. There's probably a 3-5x saving to be made... -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
