IETF-SSH archive


Re: New version of rsa-sha2-512 draft posted: no more DSA



Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost> writes:

> Hmm, I wonder if it'd be worth doing a profile of SSH for embedded use?  It'd
> certainly help clear some interop headaches, and give the SCADA folks a target
> to aim for.

I think we should try our best to have the set of REQUIRED algorithms
make sense on constrained embedded systems.

(Which might be a good reason to move forward with ed25519 and
curve25519. A few years ago I ported dropbear to a proprietary and
pretty slow embedded device, with only 8-bit arithmetic hardware. IIRC,
we constrained it to 1024-bit RSA and group1 only. And after some pretty
serious but not exhaustive optimization (basically ripping out most of
libtomcrypt and replacing it with platform specific routines in assembly
and microcode), initial key exchange still took almost one minute. A
careful implementation of curve25519 and ed25519 would likely have
brought down the key exchange time to something a bit more
user-friendly).

Regards
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.


