Just as the planned transition to seqouia pgp is underway, I propose switching to TinySSH for similar reasons. It concentrates on implementing the most basic and frequently used functionality with cutting edge ciphers. We should at least ship it as a default if a switch isn’t in the cards. It comes with a hybrid PQ KEM of DJB’s NTRUprime library and ECC x25519
1 Like
I like the idea of smaller, safer implementations in general, but OpenSSH’s code quality is highly regarded even by the researchers who found regreSSHion:
Preliminary note: OpenSSH is one of the most secure software in the world; this vulnerability is one slip-up in an otherwise near-flawless implementation. Its defense-in-depth design and code are a model and an inspiration, and we thank OpenSSH’s developers for their exemplary work.
It is also one of the core reasons the xz-utils backdoor was noticed; it has enough eyes on it that an unexplained half-second performance regression during authentication was enough to raise suspicions and result in the backdoor’s discovery. It also natively supports post-quantum crypto, including a hybrid NTRU Prime algorithm. I think switching to an alternate implementation, even a smaller one, might reduce security.
If OpenSSH was to remove support for NTRU Prime post-quantum crypto for reasons unrelated to the algorithm being broken or severely weakened in the future, a switch might be worth considering.
1 Like