Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein

Posted by Unknown on from the cha-cha-cha dept.

First time accepted submitter ConstantineM writes "Inspired by a recent Google initiative to adopt ChaCha20 and Poly1305 for TLS, OpenSSH developer Damien Miller has added a similar protocol to ssh, chacha20-poly1305@openssh.com, which is based on D. J. Bernstein algorithms that are specifically optimised to provide the highest security at the lowest computational cost, and not require any special hardware at doing so. Some further details are in his blog, and at undeadly. The source code of the protocol is remarkably simple — less than 100 lines of code!"

5 of 140 comments (clear)

  1. 100 lines is meaningless by Guspaz · · Score: 4, Insightful

    The referenced source file has no actual implementation of the encryption in it, so claiming 100 lines is a bit silly...

    1. Re:100 lines is meaningless by hawguy · · Score: 5, Insightful

      The referenced source file has no actual implementation of the encryption in it, so claiming 100 lines is a bit silly...

      Using their metric of excluding the function calls that do the real work, OpenSSL only needs one line of source code to encrypt a file:


      #!/bin/bash

      openssl enc -aes-256-cbc -salt -in somefile.txt -out somefile.txt.enc

    2. Re:100 lines is meaningless by complete+loony · · Score: 3, Insightful

      It's a stream cipher, the tcp sequence number tells you the byte offset in the session's psudo-random bit stream to xor against. Remember that TCP packets could arrive in any order, and multiple small packets might be aggregated when they are retransmitted.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
  2. Does DJB insist that the library ... by fishnuts · · Score: 3, Insightful

    Does DJB insist that his crypto library gets installed under /var/lib? He's always insisted that his qmail binaries get installed under /var/qmail, and had everyone I know in the unix admin/engineering field shaking their heads, knowing that having executables and libraries on the /var filesystem is retarded and dangerous.

  3. What about HPN? by Vesvvi · · Score: 3, Insightful

    This is all well and good, but what's the status of seeing HPN-SSH or similar incorporated? FreeBSD has incorporated it, but it's still messy on Linux systems.