Joined: 26 Mar 2013 Posts: 1855 Location: Hung Hom, Hong Kong
Posted: Thu Sep 15, 2022 16:05 Post subject:
the-joker wrote:
Something lost in translation there @mwchang? Perhaps another cup of exercise on your corporate rooftop.
Anyway ECC is all patented shit, it's been around for a long time but not adopted, which is likely why RSA is still so prevalent.
In any case it's not about security, it's about key size and speed. You want security look elsewhere.
I meant you could apply EC to all keys, not just DSA. What's bad with long encryption keys? It's always the basis of security, right?
Are they after some dark magic when they claimed EC might lead to shorter keys while escaping dictionary hack? Well... I think those mathematicians really need to smoke something I don't understand. Or were they all bluffing?
Should we go all out to conspire and talk about hidden back-doors in all computer micro-codes, firmware and software?
Anyway, I don't smoke nor drink strange molecules, and I have listed those old tickets related to ECDSA.
Back to our regularly scheduled programs...
_________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
Joined: 26 Mar 2013 Posts: 1855 Location: Hung Hom, Hong Kong
Posted: Thu Sep 15, 2022 17:28 Post subject:
the-joker wrote:
Since ECC is patented tech you can only see the patches up at OpenSSL and other implementations to see what curves they are using.
This isn't the same 1 + 1 = 2 math or -(-1) -(-1) = 2, and long isn't always the most secure, I think you have it a little backwards. You should read up on it, sorry teaching and hand holding is closed permanently by order of the maximum chief of the minimum staff.
In the end, it's just some convoluted mathematics. Later!
I will continue to use RSA 2, until OpenSSH changes.
The zlib updates may be "related", but all of these relate to ed25519 / dropbear update:
Changeset [50875] by brainslayer
fix download
Changeset [50874] by brainslayer
try ed25519
Changeset [50873] by brainslayer
try ed25519
Changeset [50872] by brainslayer
try ed25519
-
Changeset [50870] by brainslayer
change key size
Changeset [50869] by brainslayer
obsolete
-
Changeset [50867] by brainslayer
switch to ecdsa
Changeset [50866] by brainslayer
switch to ecdsa
Changeset [50865] by brainslayer
switch to ecdsa
Changeset [50864] by brainslayer
switch to ecdsa
Changeset [50863] by brainslayer
update dropbear: remove old files
Changeset [50862] by brainslayer
update dropbear: add new files
_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
My PCs only run Linux, so there is no need to use any VM.
But that doesn't change the fact that users like you don't use Linux.
Besides, you have been able to create keys in the WebIF of the router for a short time now.
But this takes up to 10 minutes with long RSA keys on slow routers.
With ED25519, this can be done in no time even on slow hardware.
Joined: 26 Mar 2013 Posts: 1855 Location: Hung Hom, Hong Kong
Posted: Wed Nov 16, 2022 11:33 Post subject:
ho1Aetoo wrote:
My PCs only run Linux, so there is no need to use any VM.
But that doesn't change the fact that users like you don't use Linux.
I do run a Fedora VM, so I generate my long RSA keys there.
Quote:
Besides, you have been able to create keys in the WebIF of the router for a short time now.
But this takes up to 10 minutes with long RSA keys on slow routers.
With ED25519, this can be done in no time even on slow hardware.
Agree that no harm having choices...
Correct. This has always been a matter of which option is more secure and the maturity of the key algorithm. The key factor here is whether all targets with dropbear included meet firmware image size constraints, as we already know.
ho1Aetoo wrote:
It's been in there for a while, but it's not decided yet whether it will stay.
But it works at the moment, the GUI also supports ED25519
it is 100-1000x faster than RSA 4096
a complete key generation and conversion to the OpenSSH format takes 20ms on my R7800
so keep your fingers crossed and hope it will be accepted
Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Wed Nov 16, 2022 17:40 Post subject:
mwchang wrote:
In the future, maybe Dropbear should just be replaced by OpenSSH.
As far as my understanding goes, Dropbear is smaller than OpenSSH and an excellent alternative for running on routers... you can install OpenSSH via Entware... (sadly the Entware guys don't update their packages that often any more)
you can generate keys in many different ways, using Linux, PuTTYgen or whatever...
but generating those on the router side is a cool feature to have too...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913