tinyssh icon indicating copy to clipboard operation
tinyssh copied to clipboard
verified publisher icon janmojzis

Nice mixture of wrong, inconsistent and non-relevant information

Open Ricky-Tigg opened this issue 3 years ago • 1 comments

Hello! I hope i didn't wake anyone. No? Good.

Source: https://tinyssh.org/

Wrong | "Postquantum crypto: (...) chacha20-poly1305"; It is certainly nott part of the PQ algorithm family but an AEAD. It is out of scope of PQ research. See relevant sources. Post-quantum cryptographic primitive [email protected] and AEAD [email protected] were introduced in OpenSSH respectively in v. 8.5, now as default in v. 9.0, and v. 6.5, promoted as default cipher in v. 6.9. Worht noting: OpenSSL and OpenSSH differ each other in regard to software policies. OpenSSL, unlike OpenSSH, solely incorporates to its project algorithm implementations which have been standardised by a recognised national or internal standards entity. At this time there is no such standard for NTRU. NIST recently decided not to standardise NTRU. That's instead CRYSTALS-Kyber that was selected for standardisation. I guess that allows this project developer to state So TinySSH is in good company here!

Source: https://tinyssh.org/faq.html

inconsistent | "TinySSH has less than100000 words of code". It appears to be less than 50000. Take a look at the dust on that page; indeed, no surprise; that's year 2014 in command output! that one i liked. So since you like playing with numbers, let's state here 200000. That gives the project time to let an even thicker layer of dust growing. That's an achievement like another.

non-relevant | "TinySSH is promising ‘no older cryptographic primitives’, but md5 is available in crypto library. What does it mean? (...) since version 20150201 tinysshd-printkey is not using MD5, MD5 removed.". You are a fast-learner aren't you? So take a look at the dust here; that's year 2015. What is your point here? An exhibition of good-old-time memories to amuse us, readers?.

That much for today. All but serious matter.

Ricky-Tigg avatar Sep 09 '22 08:09 Ricky-Tigg

Wrong | "Postquantum crypto: (...) chacha20-poly1305"; It is certainly nott part of the PQ algorithm family but an AEAD.

This is something you are wrong about: basically all symmetric ciphers are also post-quantum symmetric ciphers, since there are no quantum attacks against them more efficient than basic Grover search. So assuming the key length isn't too small, and there aren't specific Quantum attacks against them, basically all symmetric ciphers are also PQ ciphers.

felixfontein avatar Sep 09 '22 10:09 felixfontein