A while back, I introduced a new key exchange mechanism, “curve25519-sha256@libssh.org”, in our code base. The reasons were explained together with the specifications. In a nutshell, this key exchange function is based on DJB’s Curve25519 elliptic curve Diffie-Hellman key exchange. This algorithm does not rely on NIST-based curves and gives us more security confidence against a possible backdoor in the nistp-256 curve.
Today is a big day for us because the OpenSSH team approved my patch and made curve25519-sha256@libssh.org the default key exchange!