janmojzis / tinyssh

TinySSH is a small server (less than 100000 words of code)
Creative Commons Zero v1.0 Universal
1.44k stars, 79 forks

REQUEST: Add (re-add?) RSA host key support #90

Open VA1DER opened 2 months ago

VA1DER commented 2 months ago

One of TinySSH's stated "features" is that it uses "no older cryptographic primitives - rsa, dsa, classic diffie-hellman, hmac-md5, hmac-sha1, 3des, arcfour, …" While I would agree with almost all the crypto in that list as being in need of removal, I am quite surprised by RSA being on that list.

I would like to see RSA host key support added to TinySSH.

All the best ciphers use a 256-bit session key. There is currently no way to protect this with a host key of equivalent strength. ed25519 is a great primitive, but far weaker than the session key it protects. There is a very basic rule that you never transmit keymat over a channel that is less secure than the security level of the keymat being transferred.

The only current host key primitive able to provide 256-bit grade host/client identity assurance is RSA.

VA1DER commented 2 months ago

I should also add that RSA is the current champion for post-quantum host-key signatures, in that a 256-bit grade RSA key (RSA 15360-bit or better) would require only 32768 qubits, but something like 1-2 billion quantum gates. This is far beyond any reasonable expectation of existence in the near-to-medium future. We may see qubit counts in the 32k range in the near-ish future, but nothing like that number of gates is on any sightable horizon.