Remove nistpxxx curve #668
Conversation
It's known that nistp256, and nistp384 as a backdor, so remove it
|
Thanks for providing a source for this. Doing some research on my side, I still find that this is all very much political speculation about those ... c.f. https://wiki.archlinux.org/index.php/SSH_keys (ECDSA section) and https://news.ycombinator.com/item?id=7597653 which summarize the situation like this :
So it looks a lot like "oh somebody says the NSA might have been involved at some point in the design of these so we shouldn't use them at all" ... But from what I read, the most compelling thing here is the difficulty of implementing the curves in a safe way ... and that still doesn't convince me that much, because I tend to think that if we don't trust the implementations in the lib we use, then we have bigger issues ... And also clearly I'm still reluctant to have our own custom security cooking instead of sticking to the recommendation from a trustable third-party ... To me the weakest point in our SSH config right now is the fact that login happens using passwords instead of public key authentication. Which ultimately boils down to the UX issue of "how do we get people to set up public key auth". https://imgs.xkcd.com/comics/security.png |
alexAubin
force-pushed
the
stretch-unstable
branch
from
58ead9e
to
40f48ff
Compare
|
I close it, feel free to reopen this topic during the meetings if you really want this to be included |
The problem
The website https://safecurves.cr.yp.to/ say that the curve nistp256, and nistp384 is not secure.
From some source, the NSA had backdoored Dual the curve NIST P-256.
Solution
Remove all of theses curves
PR Status
Not tested, but should work, with some other curves
How to test
Just update your ssh config
Validation