IETF-SSH archive
Re: New version of rsa-sha2-512 draft posted: no more DSA
Apologies for my ignorance about the embedded situation. That's interesting to know.
I was wondering how much SSH there is on embedded devices. I'm glad to hear you have that covered. :-)
I understand SHA-2 512 won't fit into P-256. It does fit into RSA, though, and I was figuring it would not be a problem for applications to support both hash types.
No problem if it's impractical, though. I appreciate the information!
I'll prepare new stuff hopefully tomorrow.
----- Original Message -----
From: Peter Gutmann
Sent: Friday, November 6, 2015 18:51
To: denis bider
Cc: ietf-ssh%netbsd.org@localhost
Subject: RE: New version of rsa-sha2-512 draft posted: no more DSA
denis bider <ietf-ssh3%denisbider.com@localhost> writes:

>From my perspective, SHA-2 512 seems like the clear winner in the RSA
>situation, due to 64-bit CPUs being destined for ubiquity (already ubiquitous
>on desktops, a few years away on mobile),

... and decades away on embedded. Most of my users are running SSH on
embedded platforms, for which the presence of 64-bit is close to zero, and no
plan to move to that. I probably have more SSH running on 16-bit embedded
than 64-bit embedded.

>why not have a larger hash output at no additional cost (it's embedded in the
>signature, anyway).

Not if you're using P-256 rather than RSA. Only SHA-256 will work with P-256
which (again from the Mozilla discussion) is the most widely-used parameter
set, with P-521 (needed for -512) being barely used:

  lots of products can (and, it seems, are planning to, or already are)
  omitting support for P-521.

(Comment from https://mozillians.org/en-US/u/briansmith/)

(You can truncate -512 to make it work with P-256, but I wouldn't want to take
any bets on how well-supported that will be in practice).

>However, if there are platforms where availability is a problem, then okay,
>let's have both versions. I'll update the draft to re-add rsa-sha2-256, and
>make that recommended, and -512 optional.

Thanks!

Peter.
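
Added example, not part of either message above: a sketch of why a SHA-512 digest is carried whole inside an RSA signature block but has to be cut to its leftmost 256 bits before P-256 ECDSA can use it. It assumes the RSA side uses the EMSA-PKCS1-v1_5 encoding of RFC 8017 and the ECDSA side uses the leftmost-bits rule of FIPS 186-4; the function names and the sample message are constructed for illustration.

```python
import hashlib

# DER DigestInfo prefixes for SHA-256 and SHA-512 (RFC 8017, section 9.2).
DIGESTINFO_PREFIX = {
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}
P256_ORDER_BITS = 256  # bit length of the P-256 group order n


def emsa_pkcs1_v15(message: bytes, hash_name: str, modulus_bits: int) -> bytes:
    """Build the block RSA signs: 00 01 FF..FF 00 || DigestInfo(hash)."""
    em_len = (modulus_bits + 7) // 8
    t = DIGESTINFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    if em_len < len(t) + 11:  # at least 8 bytes of FF padding are required
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def ecdsa_hash_to_int(digest: bytes, order_bits: int) -> int:
    """Keep only the leftmost order_bits of the digest, as ECDSA does."""
    excess = len(digest) * 8 - order_bits
    e = int.from_bytes(digest, "big")
    return e >> excess if excess > 0 else e


def compare(message: bytes, modulus_bits: int = 2048) -> dict:
    """Report how many digest bits each scheme actually signs."""
    out = {}
    for name in ("sha256", "sha512"):
        digest = hashlib.new(name, message).digest()
        em = emsa_pkcs1_v15(message, name, modulus_bits)
        out[name] = {
            "rsa_digest_bits": len(digest) * 8 if em.endswith(digest) else 0,
            "p256_digest_bits": min(len(digest) * 8, P256_ORDER_BITS),
            "p256_input": ecdsa_hash_to_int(digest, P256_ORDER_BITS),
        }
    return out


if __name__ == "__main__":
    MESSAGE = b"constructed sample data to be signed"
    for name, row in compare(MESSAGE).items():
        print(name, row["rsa_digest_bits"], row["p256_digest_bits"])
```

With a 2048-bit modulus both digests sit in the RSA block in full; on P-256 the second half of the SHA-512 digest never reaches the signing equation.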