x/crypto/ssh: Support sha-2 family hash algorithms for key exchange (RFC 8268) #31731
Labels
FeatureRequest
FrozenDueToAge
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Comments
|
But why? There are a number of more modern kexes based on elliptic curves, which are faster to process and (AFAIK) as secure. |
bcmills
added
FeatureRequest
NeedsInvestigation
|
Change https://go.dev/cl/392014 mentions this issue: |
pete-woods
pushed a commit
to CircleCI-Public/golang-crypto
that referenced
this issue
Mar 14, 2022
RFC 9142 made diffie-hellman-group14-sha256 from RFC 8268 a MUST, and it's strictly better than diffie-hellman-group14-sha1, which we already have, and trivial to add. > The method of key exchange used for the name "diffie-hellman- > group14-sha256" is the same as that for "diffie-hellman-group14-sha1" > except that the SHA256 hash algorithm is used. Ignore the bigger groups which have a meaningful performance cost, and don't share the same interoperability benefit. Adapted from CL 387994. Fixes golang/go#31731 Co-authored-by: Nicola Murino <nicola.murino@gmail.com> Change-Id: Id4ce345a2065840f193986739ea890f105a1e929
iamacarpet
pushed a commit
to affordablemobiles/xcrypto
that referenced
this issue
Aug 2, 2022
RFC 9142 made diffie-hellman-group14-sha256 from RFC 8268 a MUST, and it's strictly better than diffie-hellman-group14-sha1, which we already have, and trivial to add. > The method of key exchange used for the name "diffie-hellman- > group14-sha256" is the same as that for "diffie-hellman-group14-sha1" > except that the SHA256 hash algorithm is used. Ignore the bigger groups which have a meaningful performance cost, and don't share the same interoperability benefit. Adapted from CL 387994. Fixes golang/go#31731 Co-authored-by: Nicola Murino <nicola.murino@gmail.com> Change-Id: Id4ce345a2065840f193986739ea890f105a1e929 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/392014 Trust: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org>
LewiGoddard
pushed a commit
to LewiGoddard/crypto
that referenced
this issue
Feb 16, 2023
RFC 9142 made diffie-hellman-group14-sha256 from RFC 8268 a MUST, and it's strictly better than diffie-hellman-group14-sha1, which we already have, and trivial to add. > The method of key exchange used for the name "diffie-hellman- > group14-sha256" is the same as that for "diffie-hellman-group14-sha1" > except that the SHA256 hash algorithm is used. Ignore the bigger groups which have a meaningful performance cost, and don't share the same interoperability benefit. Adapted from CL 387994. Fixes golang/go#31731 Co-authored-by: Nicola Murino <nicola.murino@gmail.com> Change-Id: Id4ce345a2065840f193986739ea890f105a1e929 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/392014 Trust: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org>
BiiChris
pushed a commit
to BiiChris/crypto
that referenced
this issue
Sep 15, 2023
RFC 9142 made diffie-hellman-group14-sha256 from RFC 8268 a MUST, and it's strictly better than diffie-hellman-group14-sha1, which we already have, and trivial to add. > The method of key exchange used for the name "diffie-hellman- > group14-sha256" is the same as that for "diffie-hellman-group14-sha1" > except that the SHA256 hash algorithm is used. Ignore the bigger groups which have a meaningful performance cost, and don't share the same interoperability benefit. Adapted from CL 387994. Fixes golang/go#31731 Co-authored-by: Nicola Murino <nicola.murino@gmail.com> Change-Id: Id4ce345a2065840f193986739ea890f105a1e929 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/392014 Trust: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Feature Request: Add support for sha-2 family hash algorithms for key exchange (RFC 8268)
Due to concerns with SHA-1 and with MODP groups with less than 2048 bits, RFC 8268 suggests to add 5 new key exchange algorithms:
diffie-hellman-group14-sha256diffie-hellman-group15-sha512diffie-hellman-group16-sha512diffie-hellman-group17-sha512diffie-hellman-group18-sha512Currently, non of these new key exchange algorithms is present in x/crypto/ssh. For
diffie-hellman-group14-sha256the RFC states it SHOULD be supported to smooth the transition to newer group sizes.The text was updated successfully, but these errors were encountered: