[SSHD-1260] EdDSA dependency net.i2p.crypto ed25519 signatures are malleable - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Dependency upgrade
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Labels:
None

External issue URL:
https://github.com/str4d/ed25519-java/issues/82

Description

To use ed25519 keys with the SSHD server it is necessary to use the net.i2p.crypto dependency. This dependency has a security flaw as it uses malleable ed25519 signatures as described in this github [issue|https://github.com/str4d/ed25519-java/issues/82].

This issue was detected in the context of a paper which checked several ed25519 implementations for security issues. In Table 5 of the paper, they state that this dependency is not SUF-CMA compliant in contrast to the Bouncy Castle implementation, which is SUF-CMA compliant.

Besides, it appears that the ed22519-java project is not longer maintained, as the issue is fixed in the main project of i2p, but not in this separated crypto library. As Bouncy Castle is already supported in SSHD and is SUF-CMA compliant, it would be very useful that SSHD supports the Bouncy Castle implementation of ed25519. This issue is related to SSHD-985 and SSHD-988.

Attachments

Issue Links

depends upon

SSHD-985 Support Bouncy Castle Ed25519 and Ed448 keys

Open

SSHD-988 Replace net.ip artifact with Bouncycastle for EDDSA key support

Open

links to

Sample code (2)

Some sample code (1)

Activity

People

Assignee:: Unassigned

Reporter:: Dominik Schneider

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 06/Apr/22 08:16

Updated:: 08/Jun/22 09:02