Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/ssh: Support sha-2 family hash algorithms for key exchange (RFC 8268) #31731

Open
breml opened this issue Apr 28, 2019 · 2 comments
Open

Comments

@breml
Copy link
Contributor

@breml breml commented Apr 28, 2019

Feature Request: Add support for sha-2 family hash algorithms for key exchange (RFC 8268)

Due to concerns with SHA-1 and with MODP groups with less than 2048 bits, RFC 8268 suggests to add 5 new key exchange algorithms:

  • diffie-hellman-group14-sha256
  • diffie-hellman-group15-sha512
  • diffie-hellman-group16-sha512
  • diffie-hellman-group17-sha512
  • diffie-hellman-group18-sha512

Currently, non of these new key exchange algorithms is present in x/crypto/ssh. For diffie-hellman-group14-sha256 the RFC states it SHOULD be supported to smooth the transition to newer group sizes.

@gopherbot gopherbot added this to the Unreleased milestone Apr 28, 2019
@hanwen
Copy link
Contributor

@hanwen hanwen commented Apr 30, 2019

But why? There are a number of more modern kexes based on elliptic curves, which are faster to process and (AFAIK) as secure.

@bcmills
Copy link
Member

@bcmills bcmills commented May 22, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
You can’t perform that action at this time.