Re: Curve25519/448 key agreement for SSH

To: "Mark D. Baushke" <mdb%juniper.net@localhost>
Subject: Re: Curve25519/448 key agreement for SSH
From: nisse%lysator.liu.se@localhost (Niels Möller)
Date: Mon, 22 Feb 2016 10:08:32 +0100

"Mark D. Baushke" <mdb%juniper.net@localhost> writes:

> If so, why is the Key Exchange Method name "curve448-sha256" rather than
> "curve488-sha512" ?

I think Damien Miller's argument for using sha512 here makes sense:
"curve448 is a backup against as-yet-unknown attacks on curve25519.
Since we're not likely to need it, we might as well pair it with SHA512
as a backup against as-yet-unknown attacks on SHA256."

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.

Follow-Ups:
- Re: Curve25519/448 key agreement for SSH
  - From: Simon Josefsson

References:
- Re: Curve25519/448 key agreement for SSH
  - From: denis bider
- Re: Curve25519/448 key agreement for SSH
  - From: Simon Josefsson
- Re: Curve25519/448 key agreement for SSH
  - From: Mark D. Baushke

Prev by Date: Re: AEAD in ssh
Next by Date: Re: AEAD in ssh
Previous by Thread: Re: Curve25519/448 key agreement for SSH
Next by Thread: Re: Curve25519/448 key agreement for SSH
Indexes:

Home | Main Index | Thread Index | Old Index