Add ed25519 support #75

Closed
wants to merge 13 commits into from

patstew
Contributor

@patstew patstew commented Jan 25, 2019

I've rebased @pts's ed25519 support onto master, and added a small fix to make dbclient work with ed25519 too. It seems to work, and be compatible with openssh, but I can't personally vouch for its correctness.
The whole pts tree is rebased onto the official tree here if anyone wants to cherry pick some of the other changes.

@rasa

rasa commented Jun 8, 2019

To encourage adoption, please consider adding:

- ~/inst/bin/dropbearkey -t ed25519 -f tested256

after

- ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521

@exploide

exploide commented Sep 28, 2019

This PR ships its own implementation of Curve25519. Meanwhile, libtomcrypt got support for EC25519/Ed25519/X25519. https://github.com/libtom/libtomcrypt/tree/develop/src/pk

I guess the way forward is to update the dependency and make use of this implementation.

@jakimfett

The lack of ed25519 support is the only thing keeping my org (and my homelab) from using Dropbear, for whatever that's worth.

@exploide any thoughts on starting a new pull request for updating libtomcrypt vs refactoring this PR to eliminate the Curve25519 requirement?

@exploide

@jakimfett I have no dev experience with dropbear and libtomcrypt. I guess @mkj and @sjaeckel know better what is needed to bring Curve25519 support to dropbear.

@peterwillcn

@exploide @jakimfett Ed25519 was introduced in OpenSSH version 6.5. It’s the EdDSA implementation using the Twisted Edwards curve. It uses elliptic curve cryptography that offers better security with faster performance compared to DSA or ECDSA.
Today, RSA is the most widely used public-key algorithm for SSH keys. But compared to Ed25519, it’s slower and even considered not safe if it’s generated with a key smaller than 2048 bits in length.
The Ed25519 public key is compact. It only contains 68 characters, compared to RSA 3072 that has 544 characters. Generating the key is also almost as fast as the signing process. It’s also fast to perform batch signature verification with Ed25519. It’s built to be collision resilient. Hash-function collisions won’t break the system.

@themiron themiron mentioned this pull request Mar 5, 2020
@themiron
Contributor

themiron commented Mar 5, 2020

@jakimfett well, libtomcrypt with curve25519/ed25519 is not out yet. In my implementation (see #91), the same curve25519 library is used as in libtomcrypt, but its use is more optimal regarding both size and memory consumption. Probably an external upcoming (one day) libtomcrypt with shared ed25519 is the only case when the builtin lib can be disabled to have any gain.

@mkj
Owner

mkj commented Mar 11, 2020

I've now merged #91


7 participants