[ https://issues.apache.org/jira/browse/SSHD-440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14390611#comment-14390611 ]
Ancoron Luciferis commented on SSHD-440:
----------------------------------------
Yes, but please note that RFC5656 is pretty old and, due to recent activities in
the security domain, pretty much everything has changed, especially in regards to
the security of elliptic curves. Also, the OpenSSH project has actually preferred
Curve25519 with SHA2 since the end of 2013.
Furthermore, it is not derived from the "standard" NIST curves because of
security concerns:
https://www.libssh.org/2013/11/03/openssh-introduces-curve25519-sha256libssh-org-key-exchange/
But in the end I am just a user that is concerned about the potential backdoors
by which my communication may be decrypted or open to MITM attacks, amongst
others. As such (and in addition to me being a European citizen and not one
that has to adhere to USA laws), I'd like to have non-NIST cryptography options
working. :)
> Support curve25519-sha256 for KEX and Ed25519 keys
> --------------------------------------------------
>
> Key: SSHD-440
> URL: https://issues.apache.org/jira/browse/SSHD-440
> Project: MINA SSHD
> Issue Type: New Feature
> Affects Versions: 0.14.0
> Reporter: Ancoron Luciferis
>
> As an administrator of a production system running with Apache Karaf I want
> to secure the system as much as possible.
> Based on the following article I would like to use the "curve25519-sha256"
> key exchange mechanism and Ed25519 keys for the SSH server and client:
> * https://stribika.github.io/2015/01/04/secure-secure-shell.html
>
> The probably most stable implementation in pure Java is currently residing in
> I2P:
> * https://github.com/i2p/i2p.i2p/tree/master/core/java/src/net/i2p/crypto/eddsa
>
> ...although it seems to have originated at the following standalone library:
> * https://github.com/str4d/ed25519-java