Re: New version of rsa-sha2-512 draft posted: no more DSA

To: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Subject: Re: New version of rsa-sha2-512 draft posted: no more DSA
From: nisse%lysator.liu.se@localhost (Niels Möller)
Date: Sun, 08 Nov 2015 19:30:45 +0100

Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost> writes:

> Hmm, I wonder if it'd be worth doing a profile of SSH for embedded use?  It'd
> certainly help clear some interop headaches, and give the SCADA folks a target
> to aim for.

I think we should try our best to have the set of REQUIRED algorithms
make sense on constrained embedded systems.

(Which might be a good reason to move forward with ed25519 and
curve25519. A few years ago I ported dropbear to a proprietary and
pretty slow embedded device, with only 8-bit arithmetic hardware. IIRC,
we constrained it to 1024-but RSA and group1 only. And after some pretty
serious but not exhaustive optimization (basically ripping out most of
libtomcrypt and replacing it with platform specific routines in assembly
and microcode), initial key exchange still took almost one minute. A
careful implementation of curve25519 and ed25519 would likely have
brought down the keyexchange time to something a bit more
user-friendly).

Regards
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.

Follow-Ups:
- RE: New version of rsa-sha2-512 draft posted: no more DSA
  - From: Peter Gutmann

References:
- Re: New version of rsa-sha2-512 draft posted: no more DSA
  - From: denis bider
- RE: New version of rsa-sha2-512 draft posted: no more DSA
  - From: Peter Gutmann

Prev by Date: Re: New version of rsa-sha2-512 draft posted: no more DSA
Next by Date: RE: New version of rsa-sha2-512 draft posted: no more DSA
Previous by Thread: RE: New version of rsa-sha2-512 draft posted: no more DSA
Next by Thread: RE: New version of rsa-sha2-512 draft posted: no more DSA
Indexes:

Home | Main Index | Thread Index | Old Index