https://bugzilla.mindrot.org/show_bug.cgi?id=2995
Mark D Baushke <[email protected]> changed:

           What    |Removed |Added
----------------------------------------------------------------------------
                 CC|        |[email protected]

--- Comment #3 from Mark D Baushke <[email protected]> ---
A general solution would be to put the cryptographic primitives used by
OpenSSH into their own shared library so that someone who desires to create
a cryptographic boundary around it would be able to do so. In this way, an
OpenSSH built with --without-openssl could still be functional and become a
stand-alone cryptographic module.

I fully expect that NIST FIPS 186-5 will be published soon and will provide
for a number of new algorithms which will also include ed25519, ed448 and
chacha20-poly1305 in addition to the current set. The future may also hold
curve25519 and curve448 even though they seem not to be in the next set of
FIPS documents.

Making these algorithms easy to test via the Automated Cryptographic
Validation Testing (URL:
https://csrc.nist.gov/Projects/Automated-Cryptographic-Validation-Testing)
would seem to be generally useful to me in the long run as it would provide
for fully exercising the cryptographic primitive implementations.

Isolation of the algorithms from the SSH protocol may also allow for better
optimization of these primitives and include the possibility of using
acceleration instructions like AES (AES-NI) and SHA (SHA-NI) instructions
available for some kinds of CPU (AMD, ARM, Intel, etc.).
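The comment above argues for making the primitives testable on their own, in the style of the NIST validation programs. The following is an added illustration of what such a known-answer test (KAT) driver looks like; it is not code from OpenSSH, from the bug report, or from NIST. It assumes only the Python standard library (hashlib, hmac) and a vector file in the NIST .rsp layout (Len/Msg/MD lines under an [algorithm] header); the vector text is constructed inline and carries the published SHA-256 values for the empty message and "abc", the RFC 4231 test case 1 HMAC-SHA-256 value, and one deliberately corrupted digest so the driver's failure path is exercised.

```python
"""Known-answer test (KAT) driver for hash and MAC primitives.

Added example, not code from the OpenSSH project or the bug report. It shows
the check an ACVP/CAVP-style validation run performs: feed fixed inputs
through the implementation under test and compare against published outputs.
Only hashlib and hmac are used; the vector text below is constructed inline in
the NIST .rsp style.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in .rsp-like format. "Msg = 00" with "Len = 0" denotes
# the empty message, as in the NIST SHA vector files.
SAMPLE_VECTORS = """\
# SHA-256 known answers (FIPS 180-4 example values)
[SHA256]
Len = 0
Msg = 00
MD = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Len = 24
Msg = 616263
MD = ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad

# HMAC-SHA-256 known answer (RFC 4231 test case 1, key = 20 x 0x0b, "Hi There")
[HMAC-SHA256]
Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
Msg = 4869205468657265
MD = b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7

# Constructed bad vector: last hex digit altered, so the driver must flag it
[SHA256]
Len = 24
Msg = 616263
MD = ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ae
"""


@dataclass
class Vector:
    algo: str
    msg: bytes
    expected: bytes
    key: Optional[bytes] = None


def parse_rsp(text: str) -> List[Vector]:
    """Parse .rsp-style text; an MD line closes one vector."""
    vectors: List[Vector] = []
    algo = ""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            algo = line[1:-1]
            continue
        name, _, value = line.partition("=")
        fields[name.strip()] = value.strip()
        if name.strip() == "MD":
            length_bits = int(fields.get("Len", "-1"))
            msg = b"" if length_bits == 0 else bytes.fromhex(fields["Msg"])
            key = bytes.fromhex(fields["Key"]) if "Key" in fields else None
            vectors.append(Vector(algo, msg, bytes.fromhex(fields["MD"]), key))
            fields = {}
    return vectors


def compute(v: Vector) -> bytes:
    """Run the implementation under test for one vector."""
    if v.algo == "SHA256":
        return hashlib.sha256(v.msg).digest()
    if v.algo == "HMAC-SHA256":
        if v.key is None:
            raise ValueError("HMAC vector without Key")
        return hmac.new(v.key, v.msg, hashlib.sha256).digest()
    raise ValueError(f"unsupported algorithm {v.algo}")


def run_kats(text: str) -> List[Tuple[int, str, bool]]:
    """Return (index, algorithm, passed) for every vector in the text."""
    results = []
    for i, v in enumerate(parse_rsp(text)):
        # compare_digest is the habit worth keeping for any digest comparison
        results.append((i, v.algo, hmac.compare_digest(compute(v), v.expected)))
    return results


def summarize(results: List[Tuple[int, str, bool]]) -> Tuple[int, int]:
    """Return (total vectors, failed vectors)."""
    return len(results), sum(1 for r in results if not r[2])


if __name__ == "__main__":
    results = run_kats(SAMPLE_VECTORS)
    for idx, algo, ok in results:
        print(f"vector {idx:2d} {algo:<12} {'PASS' if ok else 'FAIL'}")
    total, failed = summarize(results)
    print(f"{total - failed}/{total} known-answer tests passed")
```

Running the script reports three passes and one failure, the failure being the corrupted fourth vector. The same driver applies unchanged to a primitive moved into a separate library: only compute() needs to call into that library instead of hashlib, which is the practical payoff of the isolation the comment describes.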
