Remove nistpxxx curve #668
The website https://safecurves.cr.yp.to/ says that the curves nistp256 and nistp384 are not secure.
From some source, the NSA had backdoored Dual the curve NIST P-256.
Remove all of these curves
Not tested, but should work, with some other curves
How to test
Just update your ssh config
Thanks for providing a source for this.
Doing some research on my side, I still find that this is all very much political speculation about those ...
So it looks a lot like "oh somebody says the NSA might have been involved at some point in the design of these so we shouldn't use them at all" ... But from what I read, the most compelling thing here is the difficulty of implementing the curves in a safe way ... and that still doesn't convince me that much, because I tend to think that if we don't trust the implementations in the lib we use, then we have bigger issues ...
And also clearly I'm still reluctant to have our own custom security cooking instead of sticking to the recommendation from a trustable third-party ... To me the weakest point in our SSH config right now is the fact that login happens using passwords instead of public key authentication. Which ultimately boils down to the UX issue of "how do we get people to set up public key auth". https://imgs.xkcd.com/comics/security.png
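Added example, not part of this pull request or of either comment: a small audit of the two points raised in the thread, NIST-curve algorithms in the SSH configuration and password login. It assumes an OpenSSH-style `sshd_config` (the thread does not name the SSH server in use); the sample config and the function name `audit_sshd_config` are constructed for illustration.

```python
import re

# Assumption: OpenSSH sshd_config keywords holding comma-separated algorithm lists.
ALGO_DIRECTIVES = ("kexalgorithms", "hostkeyalgorithms")
NIST_CURVE = re.compile(r"nistp\d+")  # ecdh-sha2-nistp256, ecdsa-sha2-nistp384, ...

SAMPLE = """\
# constructed sample, not taken from the project discussed in this thread
KexAlgorithms curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384
HostKeyAlgorithms ssh-ed25519,ecdsa-sha2-nistp256
PasswordAuthentication yes
"""

def audit_sshd_config(text):
    """Return (keyword, finding) pairs for the global section of the config."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":                      # conditional blocks are not evaluated
            break
        seen.setdefault(key, value)             # the first value read is the one used
    findings = []
    for key in ALGO_DIRECTIVES:
        value = seen.get(key)
        if value is None or value.startswith("-"):
            findings.append((key, "server defaults apply (unset or '-' list), not evaluated"))
            continue
        nist = [n.strip() for n in value.lstrip("+^").split(",") if NIST_CURVE.search(n)]
        if nist:
            findings.append((key, "NIST curves enabled: " + ", ".join(nist)))
    # Assumption: PasswordAuthentication defaults to "yes" when the keyword is absent.
    if seen.get("passwordauthentication", "yes").lower() != "no":
        findings.append(("passwordauthentication", "password login enabled"))
    return findings

if __name__ == "__main__":
    for keyword, finding in audit_sshd_config(SAMPLE):
        print(f"{keyword}: {finding}")
```

A config that lists only `curve25519-sha256` and `ssh-ed25519` and sets `PasswordAuthentication no` produces no findings.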