Excerpts from Samuel Greenfeld's message of 2011-11-15 15:23:58 +0100:
> Has anyone in the security field (such as Ivan Krstić) reviewed this
> proposal? Are there any potential performance impacts by switching key
> types for slower systems such as the XO-1?

A few quick tests have shown no significant differences in ssh-keygen runtime (if anything RSA key generation is faster). As stated before, no other piece of code does cryptographic operations with the key, so there's neither a performance impact nor a need for an independent security review for the two patches.

The most important cryptographic open source tools (GnuPG, SSH, Mozilla NSS) default to using RSA keys, so using RSA keys for future cryptographic operations in Sugar is a reasonable choice.

I wouldn't mind if anyone asked Ivan Krstić, Bruce Perens or any other reputable computer security expert for their opinion, of course.

> We may also want to support handling an ECDSA SSH key if we see one,
> although generating one may not always be possible (some distributions
> remove this algorithm due to patent concerns).

ECC is out of scope for this patch. The purpose is to make the key compatible with more software, not less. ECC support in most cryptographic toolkits ranges from experimental to non-existent.

Sascha

--
http://sascha.silbe.org/
http://www.infra-silbe.de/
_______________________________________________
Sugar-devel mailing list
[email protected]
http://lists.sugarlabs.org/listinfo/sugar-devel

