IETF-SSH archive


RE: New version of rsa-sha2-512 draft posted: no more DSA



On Sun, 8 Nov 2015, Peter Gutmann wrote:

> Damien Miller <djm%mindrot.org@localhost> writes:
> 
> >Moreover, any SSH implementation that supports ed25519 in the future will
> >need SHA512 for its inner hash, so it's not like it will be extra code to
> >carry around.
> 
> This assumes that your implementation carries an entire crypto library around
> with it.  Many don't, but use the host's crypto.  If the host doesn't support
> algorithm X, then you're out of luck.

What I'm saying is that any implementation that does ed25519 keys will
also need to support SHA512. So SHA512 seems like a good choice if you
care about minimising the amount of code that you want to carry around.

ed25519 looks like it will be an excellent choice for embedded devices,
and Peter Schwabe has a couple of MCU ports (inc. 8 bit AVR) already.

-d


