| rfc9941v2.txt | rfc9941.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) M. Friedl | Internet Engineering Task Force (IETF) M. Friedl | |||
| Request for Comments: 9941 OpenSSH | Request for Comments: 9941 OpenSSH | |||
| Category: Informational J. Mojzis | Category: Informational J. Mojzis | |||
| ISSN: 2070-1721 TinySSH | ISSN: 2070-1721 TinySSH | |||
| S. Josefsson | S. Josefsson | |||
| March 2026 | April 2026 | |||
| Secure Shell (SSH) Key Exchange Method Using Hybrid Streamlined NTRU | Secure Shell (SSH) Key Exchange Method Using Hybrid Streamlined NTRU | |||
| Prime sntrup761 and X25519 with SHA-512: sntrup761x25519-sha512 | Prime sntrup761 and X25519 with SHA-512: sntrup761x25519-sha512 | |||
| Abstract | Abstract | |||
| This document describes a widely deployed hybrid key exchange method | This document describes a widely deployed hybrid key exchange method | |||
| in the Secure Shell (SSH) protocol that is based on Streamlined NTRU | in the Secure Shell (SSH) protocol that is based on Streamlined NTRU | |||
| Prime sntrup761 and X25519 with SHA-512. | Prime sntrup761 and X25519 with SHA-512. | |||
| skipping to change at line 66 ¶ | skipping to change at line 66 ¶ | |||
| 6. References | 6. References | |||
| 6.1. Normative References | 6.1. Normative References | |||
| 6.2. Informative References | 6.2. Informative References | |||
| Appendix A. Test Vectors | Appendix A. Test Vectors | |||
| Acknowledgements | Acknowledgements | |||
| Authors' Addresses | Authors' Addresses | |||
| 1. Introduction | 1. Introduction | |||
| Secure Shell (SSH) [RFC4251] is a secure remote login protocol. The | Secure Shell (SSH) [RFC4251] is a secure remote login protocol. The | |||
| key exchange protocol described in SSH transport layer [RFC4253] | key exchange protocol described in [RFC4253] supports an extensible | |||
| supports an extensible set of methods. Elliptic Curve Algorithms in | set of methods. [RFC5656] defines how elliptic curves are integrated | |||
| SSH [RFC5656] defines how elliptic curves are integrated into the | into the extensible SSH framework, and [RFC8731] adds | |||
| extensible SSH framework, and SSH KEX Using Curve25519 and Curve448 | curve25519-sha256 to support the pre-quantum Elliptic Curve Diffie- | |||
| [RFC8731] adds curve25519-sha256 to support the pre-quantum Elliptic | Hellman (ECDH) X25519 function [RFC7748]. | |||
| Curve Diffie-Hellman (ECDH) X25519 function [RFC7748]. | ||||
| Streamlined NTRU Prime [NTRUPrimePQCS] [NTRUPrime] [NTRUPrimeWeb] | Streamlined NTRU Prime [NTRUPrimePQCS] [NTRUPrime] [NTRUPrimeWeb] | |||
| provides post-quantum small lattice-based key-encapsulation | provides post-quantum small lattice-based key-encapsulation | |||
| mechanisms. The sntrup761 instance has been implemented widely. | mechanisms. The sntrup761 instance has been implemented widely. | |||
| This document specifies a hybrid construction using both sntrup761 | This document specifies a hybrid construction using both sntrup761 | |||
| and X25519, in the intention that a hybrid would be secure if either | and X25519, in the intention that a hybrid would be secure if either | |||
| algorithms is secure. | algorithms is secure. | |||
| This document also describes how to implement key exchange based on a | This document also describes how to implement key exchange based on a | |||
| skipping to change at line 116 ¶ | skipping to change at line 115 ¶ | |||
| The protocol flow and the SSH_MSG_KEX_ECDH_INIT and | The protocol flow and the SSH_MSG_KEX_ECDH_INIT and | |||
| SSH_MSG_KEX_ECDH_REPLY messages are identical, except that we use | SSH_MSG_KEX_ECDH_REPLY messages are identical, except that we use | |||
| different ephemeral public values Q_C and Q_S and shared secret K as | different ephemeral public values Q_C and Q_S and shared secret K as | |||
| described below. | described below. | |||
| Implementations MAY use the name SSH_MSG_KEX_HYBRID_INIT where | Implementations MAY use the name SSH_MSG_KEX_HYBRID_INIT where | |||
| SSH_MSG_KEX_ECDH_INIT is used and the name SSH_MSG_KEX_HYBRID_REPLY | SSH_MSG_KEX_ECDH_INIT is used and the name SSH_MSG_KEX_HYBRID_REPLY | |||
| where SSH_MSG_KEX_ECDH_REPLY is used, as long as the encoding on the | where SSH_MSG_KEX_ECDH_REPLY is used, as long as the encoding on the | |||
| wire is identical. These symbolic names do not appear on the wire; | wire is identical. These symbolic names do not appear on the wire; | |||
| they are merely used in specifications to refer to particular byte | they are merely used in specifications to refer to particular byte | |||
| values. For consistency with Elliptic Curve Cryptography (ECC) in | values. For consistency with [RFC5656], which defines the packet | |||
| SSH [RFC5656], which defines the packet syntax, we use those names in | syntax, we use those names in the rest of this document. | |||
| the rest of this document. | ||||
| The SSH_MSG_KEX_ECDH_INIT's value Q_C that holds the client's | The SSH_MSG_KEX_ECDH_INIT's value Q_C that holds the client's | |||
| ephemeral public key MUST be constructed by concatenating the | ephemeral public key MUST be constructed by concatenating the | |||
| 1158-byte public key output from the key generator of sntrup761 with | 1158-byte public key output from the key generator of sntrup761 with | |||
| the 32-byte K_A = X25519(a, 9) as described in [NTRUPrimePQCS] and | the 32-byte K_A = X25519(a, 9) as described in [NTRUPrimePQCS] and | |||
| [RFC8731]. The Q_C value is thus 1190 bytes. | [RFC8731]. The Q_C value is thus 1190 bytes. | |||
| The SSH_MSG_KEX_ECDH_REPLY's value Q_S that holds the server's | The SSH_MSG_KEX_ECDH_REPLY's value Q_S that holds the server's | |||
| ephemeral public key MUST be constructed by concatenating the | ephemeral public key MUST be constructed by concatenating the | |||
| 1039-byte ciphertext output from the key encapsulation mechanism of | 1039-byte ciphertext output from the key encapsulation mechanism of | |||
| skipping to change at line 157 ¶ | skipping to change at line 155 ¶ | |||
| X25519(b, 9)) = X25519(b, X25519(a, 9)). | X25519(b, 9)) = X25519(b, X25519(a, 9)). | |||
| Some earlier implementations may implement this protocol only through | Some earlier implementations may implement this protocol only through | |||
| the name sntrup761x25519-sha512@openssh.com; therefore, it is | the name sntrup761x25519-sha512@openssh.com; therefore, it is | |||
| RECOMMENDED to announce and accept that name as an alias of this | RECOMMENDED to announce and accept that name as an alias of this | |||
| protocol to increase chances for successfully negotiating the | protocol to increase chances for successfully negotiating the | |||
| protocol. | protocol. | |||
| 4. Security Considerations | 4. Security Considerations | |||
| The security considerations of the SSH Protocol [RFC4251], ECC for | The security considerations in [RFC4251], [RFC5656], [RFC7748], and | |||
| SSH [RFC5656], Elliptic Curves for Security [RFC7748], and SSH KEX | [RFC8731] are inherited. | |||
| Using Curve25519 and Curve448 [RFC8731] are inherited. | ||||
| Streamlined NTRU Prime sntrup761 aims for the standard goal of IND- | Streamlined NTRU Prime sntrup761 aims for the standard goal of IND- | |||
| CCA2 security, is widely implemented with good performance on a wide | CCA2 security, is widely implemented with good performance on a wide | |||
| range of architectures, and has been studied by researchers for | range of architectures, and has been studied by researchers for | |||
| several years. However, new cryptographic primitives should be | several years. However, new cryptographic primitives should be | |||
| introduced and trusted conservatively, and new research findings may | introduced and trusted conservatively, and new research findings may | |||
| be published at any time that may warrant implementation | be published at any time that may warrant implementation | |||
| reconsideration. The method described here to combine Curve25519 | reconsideration. The method described here to combine Curve25519 | |||
| with sntrup761 (i.e., SHA-512 hashing the concatenated outputs) is | with sntrup761 (i.e., SHA-512 hashing the concatenated outputs) is | |||
| also available for the same kind of cryptographic scrutiny. | also available for the same kind of cryptographic scrutiny. | |||
| skipping to change at line 182 ¶ | skipping to change at line 179 ¶ | |||
| be a concern for restricted computational devices, which would then | be a concern for restricted computational devices, which would then | |||
| not be able to take advantage of the improved security properties | not be able to take advantage of the improved security properties | |||
| offered by this work. | offered by this work. | |||
| Since sntrup761x25519-sha512 is expected to offer no reduction of | Since sntrup761x25519-sha512 is expected to offer no reduction of | |||
| security compared to curve25519-sha256, it is recommended that it is | security compared to curve25519-sha256, it is recommended that it is | |||
| used and preferred whenever curve25519-sha256 is used today, if the | used and preferred whenever curve25519-sha256 is used today, if the | |||
| extra communication size and computational requirements are | extra communication size and computational requirements are | |||
| acceptable. | acceptable. | |||
| As discussed in the security considerations of curve25519-sha256 | As discussed in the security considerations of [RFC8731], the X25519 | |||
| [RFC8731], the X25519 shared secret K is used bignum-encoded in that | shared secret K is bignum-encoded in that document, and this raises | |||
| document, and this raises the potential for a hash-processing time | the potential for a side-channel attack that could leak one bit of | |||
| side-channel that could leak one bit of the secret due to the | the secret due to the different length of the bignum sign pad. This | |||
| different length of the bignum sign pad. This document resolves that | document resolves that problem by using string encoding instead of | |||
| problem by using string encoding instead of bignum encoding. | bignum encoding. | |||
| The security properties of the protocol in this document, SSH itself, | The security properties of the protocol in this document, SSH itself, | |||
| and the cryptographic algorithms used (including Streamlined NTRU | and the cryptographic algorithms used (including Streamlined NTRU | |||
| Prime) depend on the availability and proper use of cryptographically | Prime) depend on the availability and proper use of cryptographically | |||
| secure random data. | secure random data. | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| IANA has added the following entry to the "Key Exchange Method Names" | IANA has added the following entry to the "Key Exchange Method Names" | |||
| registry within the "Secure Shell (SSH) Protocol Parameters" registry | registry within the "Secure Shell (SSH) Protocol Parameters" registry | |||
| skipping to change at line 279 ¶ | skipping to change at line 276 ¶ | |||
| [OpenSSH] OpenSSH, "OpenSSH", <https://www.openssh.com/>. | [OpenSSH] OpenSSH, "OpenSSH", <https://www.openssh.com/>. | |||
| [TinySSH] TinySSH, "TinySSH", <https://tinyssh.org/>. | [TinySSH] TinySSH, "TinySSH", <https://tinyssh.org/>. | |||
| Appendix A. Test Vectors | Appendix A. Test Vectors | |||
| SSH2_MSG_KEX_ECDH_INIT | SSH2_MSG_KEX_ECDH_INIT | |||
| client public key sntrup761: | client public key sntrup761: | |||
| 0000: 5d b3 a9 d3 93 30 31 76 0e 8a f5 87 f7 b2 8c 4f ]....01v.......O | 0000: 5d b3 a9 d3 93 30 31 76 0e 8a f5 87 f7 b2 8c 4f | |||
| 0016: 97 a1 74 0e 6b 6f cf 1a d9 d9 99 8a 32 a5 61 e5 ..t.ko......2.a. | 0016: 97 a1 74 0e 6b 6f cf 1a d9 d9 99 8a 32 a5 61 e5 | |||
| 0032: 9e 4d 93 67 e2 66 18 f0 0a f5 54 f4 48 65 0c 60 .M.g.f....T.He.` | 0032: 9e 4d 93 67 e2 66 18 f0 0a f5 54 f4 48 65 0c 60 | |||
| 0048: d1 12 92 c2 aa a9 e4 7c ea 32 a3 f5 86 cb c4 c3 .......|.2...... | 0048: d1 12 92 c2 aa a9 e4 7c ea 32 a3 f5 86 cb c4 c3 | |||
| 0064: d5 c2 6f 34 5e 7f d3 57 51 d3 e3 d9 cc 1c e4 49 ..o4^..WQ......I | 0064: d5 c2 6f 34 5e 7f d3 57 51 d3 e3 d9 cc 1c e4 49 | |||
| 0080: bb ea 3e 2e 58 5e ac ba 0a b8 22 00 7c 77 a4 e0 ..>.X^....".|w.. | 0080: bb ea 3e 2e 58 5e ac ba 0a b8 22 00 7c 77 a4 e0 | |||
| 0096: bd 16 5c 3a f7 b3 25 08 c1 81 fd 0d 9f 99 a3 be ..\:..%......... | 0096: bd 16 5c 3a f7 b3 25 08 c1 81 fd 0d 9f 99 a3 be | |||
| 0112: ae e3 38 84 13 ff f0 b4 0f cb ab 76 1e 95 3e 1e ..8........v..>. | 0112: ae e3 38 84 13 ff f0 b4 0f cb ab 76 1e 95 3e 1e | |||
| 0128: 7c 74 1e 58 46 f6 81 f0 f2 f2 56 5b f3 be ce c9 |t.XF.....V[.... | 0128: 7c 74 1e 58 46 f6 81 f0 f2 f2 56 5b f3 be ce c9 | |||
| 0144: c8 99 9f 03 88 81 db 17 75 1d fb f5 b1 e2 f3 5d ........u......] | 0144: c8 99 9f 03 88 81 db 17 75 1d fb f5 b1 e2 f3 5d | |||
| 0160: 32 ce 19 75 49 e7 e1 17 bf 35 0d 97 7c ac 0a cf 2..uI....5..|... | 0160: 32 ce 19 75 49 e7 e1 17 bf 35 0d 97 7c ac 0a cf | |||
| 0176: 6c 8a 0f fc 07 4b a7 8b c5 93 f7 47 7c b6 d5 bf l....K.....G|... | 0176: 6c 8a 0f fc 07 4b a7 8b c5 93 f7 47 7c b6 d5 bf | |||
| 0192: 02 f0 96 80 e8 dc f3 87 c9 f0 b2 91 e7 37 70 82 .............7p. | 0192: 02 f0 96 80 e8 dc f3 87 c9 f0 b2 91 e7 37 70 82 | |||
| 0208: 3e 47 b7 18 72 be 5a da b1 85 d3 6e 56 5d 8a a3 >G..r.Z....nV].. | 0208: 3e 47 b7 18 72 be 5a da b1 85 d3 6e 56 5d 8a a3 | |||
| 0224: 62 fa 3e d0 ea 6e b9 fa 69 ec 96 86 94 81 2e 88 b.>..n..i....... | 0224: 62 fa 3e d0 ea 6e b9 fa 69 ec 96 86 94 81 2e 88 | |||
| 0240: 2b ba e5 af 70 1e ae ba 5f cb ea 82 e5 ba 67 0e +...p..._.....g. | 0240: 2b ba e5 af 70 1e ae ba 5f cb ea 82 e5 ba 67 0e | |||
| 0256: 4d f6 2a ec 13 a9 19 b4 08 9c b7 32 bb 40 de c3 M.*........2.@.. | 0256: 4d f6 2a ec 13 a9 19 b4 08 9c b7 32 bb 40 de c3 | |||
| 0272: e9 33 e1 c4 0d 5b 72 00 06 c4 3b 7f 57 d4 85 76 .3...[r...;.W..v | 0272: e9 33 e1 c4 0d 5b 72 00 06 c4 3b 7f 57 d4 85 76 | |||
| 0288: 4c 4c 3d ab 8e 1b 00 00 ac d9 8c 05 b3 18 24 85 LL=...........$. | 0288: 4c 4c 3d ab 8e 1b 00 00 ac d9 8c 05 b3 18 24 85 | |||
| 0304: 77 28 74 71 0d 68 8b 02 2c 59 55 a7 4d a4 6e 37 w(tq.h..,YU.M.n7 | 0304: 77 28 74 71 0d 68 8b 02 2c 59 55 a7 4d a4 6e 37 | |||
| 0320: 85 6c 77 68 f5 b7 a7 52 61 af 37 b4 09 07 34 68 .lwh...Ra.7...4h | 0320: 85 6c 77 68 f5 b7 a7 52 61 af 37 b4 09 07 34 68 | |||
| 0336: b6 83 ca f2 03 25 47 f9 09 e6 da bd 82 07 7e d1 .....%G.......~. | 0336: b6 83 ca f2 03 25 47 f9 09 e6 da bd 82 07 7e d1 | |||
| 0352: 78 16 74 1a a5 4c 5b ac 78 d8 0f 1a 44 08 44 a7 x.t..L[.x...D.D. | 0352: 78 16 74 1a a5 4c 5b ac 78 d8 0f 1a 44 08 44 a7 | |||
| 0368: ef 85 00 43 19 c3 3e b4 54 e6 3f f1 ac 83 03 ce ...C..>.T.?..... | 0368: ef 85 00 43 19 c3 3e b4 54 e6 3f f1 ac 83 03 ce | |||
| 0384: 7c bd ef 3c fd eb 47 6f f7 f9 e0 1f 13 9f cb 77 |..<..Go.......w | 0384: 7c bd ef 3c fd eb 47 6f f7 f9 e0 1f 13 9f cb 77 | |||
| 0400: 52 40 9d 3a d7 8b ad bf cc f1 06 ec 93 32 48 be R@.:.........2H. | 0400: 52 40 9d 3a d7 8b ad bf cc f1 06 ec 93 32 48 be | |||
| 0416: 0a 53 99 5c dd 9e 96 3b 84 21 8f b2 b4 fd b8 97 .S.\...;.!...... | 0416: 0a 53 99 5c dd 9e 96 3b 84 21 8f b2 b4 fd b8 97 | |||
| 0432: 8b 7a 8f 71 aa e6 af 4e 22 53 18 f0 a2 30 a0 53 .z.q...N"S...0.S | 0432: 8b 7a 8f 71 aa e6 af 4e 22 53 18 f0 a2 30 a0 53 | |||
| 0448: 30 c9 d8 a9 d7 67 08 a5 ad 81 64 7b 3a 02 ae ff 0....g....d{:... | 0448: 30 c9 d8 a9 d7 67 08 a5 ad 81 64 7b 3a 02 ae ff | |||
| 0464: e7 fa 41 68 d0 54 e3 42 86 da f7 f0 98 31 38 e5 ..Ah.T.B.....18. | 0464: e7 fa 41 68 d0 54 e3 42 86 da f7 f0 98 31 38 e5 | |||
| 0480: 8c fa 86 5c 5c f9 82 f8 a2 09 91 91 96 72 12 e5 ...\\........r.. | 0480: 8c fa 86 5c 5c f9 82 f8 a2 09 91 91 96 72 12 e5 | |||
| 0496: 8f 8b 8e 9b e8 5d bd 66 4b 6e ec a3 b3 03 c5 4e .....].fKn.....N | 0496: 8f 8b 8e 9b e8 5d bd 66 4b 6e ec a3 b3 03 c5 4e | |||
| 0512: 0f 7e a5 15 ef ab 01 8c 6d 02 52 77 bc 9a 02 f2 .~......m.Rw.... | 0512: 0f 7e a5 15 ef ab 01 8c 6d 02 52 77 bc 9a 02 f2 | |||
| 0528: 2e bf 03 40 fe 5a 80 5a c0 78 1e 95 21 10 9d dd ...@.Z.Z.x..!... | 0528: 2e bf 03 40 fe 5a 80 5a c0 78 1e 95 21 10 9d dd | |||
| 0544: 37 87 00 ae 13 c5 9d 9c 81 87 37 3e 7d e0 40 bc 7.........7>}.@. | 0544: 37 87 00 ae 13 c5 9d 9c 81 87 37 3e 7d e0 40 bc | |||
| 0560: 83 76 69 4f 9f c4 08 fd aa a1 7e aa 88 0e 4c 56 .viO......~...LV | 0560: 83 76 69 4f 9f c4 08 fd aa a1 7e aa 88 0e 4c 56 | |||
| 0576: a0 47 c5 d6 94 fb 52 67 f3 36 de b2 7e bf d1 33 .G....Rg.6..~..3 | 0576: a0 47 c5 d6 94 fb 52 67 f3 36 de b2 7e bf d1 33 | |||
| 0592: 41 fd 05 20 66 60 f4 91 96 5f 19 33 2d 17 ec e0 A.. f`..._.3-... | 0592: 41 fd 05 20 66 60 f4 91 96 5f 19 33 2d 17 ec e0 | |||
| 0608: 3e 93 7a 66 3b b0 de f4 ad 51 90 a4 a1 94 f3 37 >.zf;....Q.....7 | 0608: 3e 93 7a 66 3b b0 de f4 ad 51 90 a4 a1 94 f3 37 | |||
| 0624: 9a 77 11 02 67 45 6d 4d 19 80 33 58 56 2c b8 11 .w..gEmM..3XV,.. | 0624: 9a 77 11 02 67 45 6d 4d 19 80 33 58 56 2c b8 11 | |||
| 0640: 51 7b bc ec 43 fe 3d 96 ac f7 f0 8b 8d c6 2c 02 Q{..C.=.......,. | 0640: 51 7b bc ec 43 fe 3d 96 ac f7 f0 8b 8d c6 2c 02 | |||
| 0656: 2f c0 67 21 56 49 ee bf 07 17 48 f9 30 0b 18 2c /.g!VI....H.0.., | 0656: 2f c0 67 21 56 49 ee bf 07 17 48 f9 30 0b 18 2c | |||
| 0672: fa 7b 57 93 be f7 12 99 57 be 98 e7 55 84 da ed .{W.....W...U... | 0672: fa 7b 57 93 be f7 12 99 57 be 98 e7 55 84 da ed | |||
| 0688: 5c 94 71 fa 48 0f ed 97 ab e4 a5 d6 b6 26 3a e4 \.q.H........&:. | 0688: 5c 94 71 fa 48 0f ed 97 ab e4 a5 d6 b6 26 3a e4 | |||
| 0704: cb fe f9 ed 07 4b 42 bf e5 a1 d1 34 4d 7b 67 b9 .....KB....4M{g. | 0704: cb fe f9 ed 07 4b 42 bf e5 a1 d1 34 4d 7b 67 b9 | |||
| 0720: b7 06 7b d2 c7 ae 57 15 21 58 55 70 70 93 f1 87 ..{...W.!XUpp... | 0720: b7 06 7b d2 c7 ae 57 15 21 58 55 70 70 93 f1 87 | |||
| 0736: 31 bf 85 74 fe 36 0d 08 c8 07 a2 14 fc d5 96 8b 1..t.6.......... | 0736: 31 bf 85 74 fe 36 0d 08 c8 07 a2 14 fc d5 96 8b | |||
| 0752: 59 62 97 30 43 75 c2 a9 4f ec f9 e9 33 a9 38 cb Yb.0Cu..O...3.8. | 0752: 59 62 97 30 43 75 c2 a9 4f ec f9 e9 33 a9 38 cb | |||
| 0768: ae ee 63 34 8c 65 54 e7 9d d4 23 a2 4f b9 00 ed ..c4.eT...#.O... | 0768: ae ee 63 34 8c 65 54 e7 9d d4 23 a2 4f b9 00 ed | |||
| 0784: b4 be 0b 1c df d4 97 c0 89 ab dd 5f 75 13 ce 37 ..........._u..7 | 0784: b4 be 0b 1c df d4 97 c0 89 ab dd 5f 75 13 ce 37 | |||
| 0800: f3 d2 26 55 72 39 61 f0 d2 11 e8 e7 5f 93 5b 79 ..&Ur9a....._.[y | 0800: f3 d2 26 55 72 39 61 f0 d2 11 e8 e7 5f 93 5b 79 | |||
| 0816: e5 6c 28 f3 0a f9 5e 99 b8 a0 e6 4a 22 88 e5 28 .l(...^....J"..( | 0816: e5 6c 28 f3 0a f9 5e 99 b8 a0 e6 4a 22 88 e5 28 | |||
| 0832: 82 0c 6f 72 1d dd 80 84 57 04 72 f4 26 56 71 f3 ..or....W.r.&Vq. | 0832: 82 0c 6f 72 1d dd 80 84 57 04 72 f4 26 56 71 f3 | |||
| 0848: 92 23 ff 9e a9 fd 05 0b 51 99 72 32 98 a5 02 87 .#......Q.r2.... | 0848: 92 23 ff 9e a9 fd 05 0b 51 99 72 32 98 a5 02 87 | |||
| 0864: fe bb 99 18 5a b3 ec ab f9 26 7b 97 79 da 5f 19 ....Z....&{.y._. | 0864: fe bb 99 18 5a b3 ec ab f9 26 7b 97 79 da 5f 19 | |||
| 0880: 4e e7 7d a5 2d 53 40 2a 1f 1b 62 df 3b 11 82 e6 N.}.-S@*..b.;... | 0880: 4e e7 7d a5 2d 53 40 2a 1f 1b 62 df 3b 11 82 e6 | |||
| 0896: 90 7f 0f 56 0c 75 14 03 e7 6f aa f0 0e 0a 17 13 ...V.u...o...... | 0896: 90 7f 0f 56 0c 75 14 03 e7 6f aa f0 0e 0a 17 13 | |||
| 0912: 54 f5 ea d7 21 31 2c 7a c5 7f a3 ae 14 f3 05 42 T...!1,z.......B | 0912: 54 f5 ea d7 21 31 2c 7a c5 7f a3 ae 14 f3 05 42 | |||
| 0928: e9 c9 6c 6d d1 0a cb 19 35 7f 01 8a 8c e2 a1 09 ..lm....5....... | 0928: e9 c9 6c 6d d1 0a cb 19 35 7f 01 8a 8c e2 a1 09 | |||
| 0944: b5 c6 e5 e8 2b 4f 1e a2 e9 ce 5b e4 76 f7 53 4f ....+O....[.v.SO | 0944: b5 c6 e5 e8 2b 4f 1e a2 e9 ce 5b e4 76 f7 53 4f | |||
| 0960: 52 d4 75 22 4b aa 1e cd 42 0e be d7 dc 76 6f 94 R.u"K...B....vo. | 0960: 52 d4 75 22 4b aa 1e cd 42 0e be d7 dc 76 6f 94 | |||
| 0976: 0a 37 47 ca 44 bd e6 9e c1 2a 0d 57 f3 c2 47 40 .7G.D....*.W..G@ | 0976: 0a 37 47 ca 44 bd e6 9e c1 2a 0d 57 f3 c2 47 40 | |||
| 0992: 23 db a8 45 c7 9b 4a 96 13 6a 73 ad 6a a2 a8 e4 #..E..J..js.j... | 0992: 23 db a8 45 c7 9b 4a 96 13 6a 73 ad 6a a2 a8 e4 | |||
| 1008: df 92 34 76 f9 47 8d b9 21 63 46 c2 d7 f2 64 e6 ..4v.G..!cF...d. | 1008: df 92 34 76 f9 47 8d b9 21 63 46 c2 d7 f2 64 e6 | |||
| 1024: 17 27 9f cf f3 ae cd 3a 7d ed 5e 46 7c 33 71 f6 .'.....:}.^F|3q. | 1024: 17 27 9f cf f3 ae cd 3a 7d ed 5e 46 7c 33 71 f6 | |||
| 1040: 71 c8 92 dc ae e6 a0 c8 05 0c e0 37 fb ea 15 ed q..........7.... | 1040: 71 c8 92 dc ae e6 a0 c8 05 0c e0 37 fb ea 15 ed | |||
| 1056: b0 78 a5 bf b1 48 8b 46 64 1e c8 81 00 55 82 89 .x...H.Fd....U.. | 1056: b0 78 a5 bf b1 48 8b 46 64 1e c8 81 00 55 82 89 | |||
| 1072: 25 f8 b1 8b 1c e4 96 54 f8 be 97 b1 d3 20 f3 a0 %......T..... .. | 1072: 25 f8 b1 8b 1c e4 96 54 f8 be 97 b1 d3 20 f3 a0 | |||
| 1088: b5 c1 dd d5 27 d0 61 d9 96 2a 74 76 a8 33 10 78 ....'.a..*tv.3.x | 1088: b5 c1 dd d5 27 d0 61 d9 96 2a 74 76 a8 33 10 78 | |||
| 1104: ff b2 86 ee 4f 0b 78 73 dd 7f 7c b5 02 e9 12 35 ....O.xs..|....5 | 1104: ff b2 86 ee 4f 0b 78 73 dd 7f 7c b5 02 e9 12 35 | |||
| 1120: d3 9e ab 81 cd 9b 61 fb 2b 33 72 ee c6 bb 8a bc ......a.+3r..... | 1120: d3 9e ab 81 cd 9b 61 fb 2b 33 72 ee c6 bb 8a bc | |||
| 1136: bd 4f e5 9b c2 55 8f a0 b1 e7 1a 6a c1 e3 f1 5c .O...U.....j...\ | 1136: bd 4f e5 9b c2 55 8f a0 b1 e7 1a 6a c1 e3 f1 5c | |||
| 1152: 83 8f f0 9c 5b 04 ....[. | 1152: 83 8f f0 9c 5b 04 | |||
| client public key c25519: | client public key c25519: | |||
| 0000: be f9 23 79 d7 fd 4e 8a 10 55 9b dc e5 3e 62 13 ..#y..N..U...>b. | 0000: be f9 23 79 d7 fd 4e 8a 10 55 9b dc e5 3e 62 13 | |||
| 0016: eb 9b 6a 6f ca de ed 90 04 db b1 30 f6 ff ef 4f ..jo.......0...O | 0016: eb 9b 6a 6f ca de ed 90 04 db b1 30 f6 ff ef 4f | |||
| SSH2_MSG_KEX_ECDH_REPLY | SSH2_MSG_KEX_ECDH_REPLY | |||
| server cipher text: | server cipher text: | |||
| 0000: 71 67 00 55 f8 ac 87 1a af 7c ef cf 1c b4 7d b9 qg.U.....|....}. | 0000: 71 67 00 55 f8 ac 87 1a af 7c ef cf 1c b4 7d b9 | |||
| 0016: 4f b6 22 5e 4d 77 81 73 4f 1d b9 82 79 ff e9 34 O."^Mw.sO...y..4 | 0016: 4f b6 22 5e 4d 77 81 73 4f 1d b9 82 79 ff e9 34 | |||
| 0032: 26 9f d2 2e 4e c6 a3 5f 79 9c 26 68 99 3a 0f 40 &...N.._y.&h.:.@ | 0032: 26 9f d2 2e 4e c6 a3 5f 79 9c 26 68 99 3a 0f 40 | |||
| 0048: 33 2a 7d dd fa 7a e7 6b 1e e7 9d 50 b7 48 0f aa 3*}..z.k...P.H.. | 0048: 33 2a 7d dd fa 7a e7 6b 1e e7 9d 50 b7 48 0f aa | |||
| 0064: aa 97 ff e7 8c 6c ac 5d 10 df 2b e3 cc 93 ea dc .....l.]..+..... | 0064: aa 97 ff e7 8c 6c ac 5d 10 df 2b e3 cc 93 ea dc | |||
| 0080: 18 17 b3 34 42 70 7a 27 85 58 2a ae c2 e6 b9 26 ...4Bpz'.X*....& | 0080: 18 17 b3 34 42 70 7a 27 85 58 2a ae c2 e6 b9 26 | |||
| 0096: 93 fd 23 a9 ae ac 4a 35 8b 57 c1 5c 95 cb 23 fb ..#...J5.W.\..#. | 0096: 93 fd 23 a9 ae ac 4a 35 8b 57 c1 5c 95 cb 23 fb | |||
| 0112: e5 93 0f 7c f5 63 6b 5b a1 53 b5 55 d0 75 16 21 ...|.ck[.S.U.u.! | 0112: e5 93 0f 7c f5 63 6b 5b a1 53 b5 55 d0 75 16 21 | |||
| 0128: 8a db 95 ff c8 58 ac f4 7e 46 69 0a 4c a9 c8 cc .....X..~Fi.L... | 0128: 8a db 95 ff c8 58 ac f4 7e 46 69 0a 4c a9 c8 cc | |||
| 0144: eb e8 66 7c c4 fb fd 98 2c 0c 7f 41 8c 34 89 49 ..f|....,..A.4.I | 0144: eb e8 66 7c c4 fb fd 98 2c 0c 7f 41 8c 34 89 49 | |||
| 0160: a0 25 59 eb 63 a1 e6 8f 37 bf bc b3 ce 0a da 53 .%Y.c...7......S | 0160: a0 25 59 eb 63 a1 e6 8f 37 bf bc b3 ce 0a da 53 | |||
| 0176: 54 7f c2 41 52 eb 6c 9e 6e d0 ea af 6a 82 5d 17 T..AR.l.n...j.]. | 0176: 54 7f c2 41 52 eb 6c 9e 6e d0 ea af 6a 82 5d 17 | |||
| 0192: 6f 17 8d 06 8a 86 55 60 28 31 12 4a 0c de 6b be o.....U`(1.J..k. | 0192: 6f 17 8d 06 8a 86 55 60 28 31 12 4a 0c de 6b be | |||
| 0208: eb fd 38 13 6c 56 69 ad 0e 72 c8 bd b4 69 9d 32 ..8.lVi..r...i.2 | 0208: eb fd 38 13 6c 56 69 ad 0e 72 c8 bd b4 69 9d 32 | |||
| 0224: b4 1c 8e 6f f4 25 e1 9b c5 6f 8b 02 77 52 ae 72 ...o.%...o..wR.r | 0224: b4 1c 8e 6f f4 25 e1 9b c5 6f 8b 02 77 52 ae 72 | |||
| 0240: eb 9b 03 c8 9f de 15 bd f6 5a e8 9d 83 81 7b 48 .........Z....{H | 0240: eb 9b 03 c8 9f de 15 bd f6 5a e8 9d 83 81 7b 48 | |||
| 0256: 7a 69 9a d0 91 41 aa 07 5a fa ad d6 e8 55 39 d9 zi...A..Z....U9. | 0256: 7a 69 9a d0 91 41 aa 07 5a fa ad d6 e8 55 39 d9 | |||
| 0272: d1 0f d2 18 dc a0 9d 1c f1 e4 1c 0d f8 88 85 6b ...............k | 0272: d1 0f d2 18 dc a0 9d 1c f1 e4 1c 0d f8 88 85 6b | |||
| 0288: 6d 11 24 3e 61 de 48 95 5f 2a d1 c9 ad 3f b8 41 m.$>a.H._*...?.A | 0288: 6d 11 24 3e 61 de 48 95 5f 2a d1 c9 ad 3f b8 41 | |||
| 0304: 49 6d 9f 7c 3c bf 20 fe 37 7f 8c 8c 8f 72 ca f4 Im.|<. .7....r.. | 0304: 49 6d 9f 7c 3c bf 20 fe 37 7f 8c 8c 8f 72 ca f4 | |||
| 0320: 19 e4 cc a1 d8 08 cb 69 ec da 2b 88 e8 98 e9 1e .......i..+..... | 0320: 19 e4 cc a1 d8 08 cb 69 ec da 2b 88 e8 98 e9 1e | |||
| 0336: 29 af 86 6f 19 a8 67 56 ef b4 33 e4 2b b8 fe 61 )..o..gV..3.+..a | 0336: 29 af 86 6f 19 a8 67 56 ef b4 33 e4 2b b8 fe 61 | |||
| 0352: ad 36 4c 42 f8 ec 04 38 09 62 02 66 b5 54 fc 69 .6LB...8.b.f.T.i | 0352: ad 36 4c 42 f8 ec 04 38 09 62 02 66 b5 54 fc 69 | |||
| 0368: 46 29 05 27 d8 32 fd 37 4c d4 62 55 e1 ae e9 62 F).'.2.7L.bU...b | 0368: 46 29 05 27 d8 32 fd 37 4c d4 62 55 e1 ae e9 62 | |||
| 0384: 66 a0 f4 cb 4b 01 af 6b ea 09 80 00 a2 2b ff 0e f...K..k.....+.. | 0384: 66 a0 f4 cb 4b 01 af 6b ea 09 80 00 a2 2b ff 0e | |||
| 0400: 85 2c 92 b2 5c f9 f3 eb 44 a3 9a e8 55 bb e3 2f .,..\...D...U../ | 0400: 85 2c 92 b2 5c f9 f3 eb 44 a3 9a e8 55 bb e3 2f | |||
| 0416: 2d 20 5a 77 67 97 57 90 7f 4b b3 08 92 41 1a c0 - Zwg.W..K...A.. | 0416: 2d 20 5a 77 67 97 57 90 7f 4b b3 08 92 41 1a c0 | |||
| 0432: f6 1b e9 a4 06 29 ea 31 eb 81 f0 94 96 aa 26 95 .....).1......&. | 0432: f6 1b e9 a4 06 29 ea 31 eb 81 f0 94 96 aa 26 95 | |||
| 0448: 06 ed 4b f0 d3 9f aa 73 89 fa 6e f7 8f 4b f5 fa ..K....s..n..K.. | 0448: 06 ed 4b f0 d3 9f aa 73 89 fa 6e f7 8f 4b f5 fa | |||
| 0464: e4 5f 7c b6 08 e9 b2 18 77 99 9c ac 7b fb ec 41 ._|.....w...{..A | 0464: e4 5f 7c b6 08 e9 b2 18 77 99 9c ac 7b fb ec 41 | |||
| 0480: 41 1e 29 c2 d0 a5 de bc 59 2f 14 45 6d af b1 e0 A.).....Y/.Em... | 0480: 41 1e 29 c2 d0 a5 de bc 59 2f 14 45 6d af b1 e0 | |||
| 0496: 9c 77 73 0e ac 52 23 73 11 35 27 17 8c a3 ff 0e .ws..R#s.5'..... | 0496: 9c 77 73 0e ac 52 23 73 11 35 27 17 8c a3 ff 0e | |||
| 0512: 52 5d b7 c8 06 c5 05 43 15 53 e8 fc 83 64 df 10 R].....C.S...d.. | 0512: 52 5d b7 c8 06 c5 05 43 15 53 e8 fc 83 64 df 10 | |||
| 0528: 8b 9c 74 5c 0e d9 54 5e 9a 49 cf 13 e4 1d 86 35 ..t\..T^.I.....5 | 0528: 8b 9c 74 5c 0e d9 54 5e 9a 49 cf 13 e4 1d 86 35 | |||
| 0544: 24 a3 27 75 d3 d6 b4 95 78 8f 0d 81 3b 80 6b 26 $.'u....x...;.k& | 0544: 24 a3 27 75 d3 d6 b4 95 78 8f 0d 81 3b 80 6b 26 | |||
| 0560: 25 9f 14 b1 65 73 e8 ce fa 95 6d b1 15 0c 76 3c %...es....m...v< | 0560: 25 9f 14 b1 65 73 e8 ce fa 95 6d b1 15 0c 76 3c | |||
| 0576: b1 75 a9 96 78 c8 4b 91 06 a9 94 bc ec fa 44 eb .u..x.K.......D. | 0576: b1 75 a9 96 78 c8 4b 91 06 a9 94 bc ec fa 44 eb | |||
| 0592: 39 77 4d ee df ae eb 0e 90 61 eb ab 6a 17 1b 24 9wM......a..j..$ | 0592: 39 77 4d ee df ae eb 0e 90 61 eb ab 6a 17 1b 24 | |||
| 0608: 3c 3a 6e c4 bb 6f 72 46 3d 9a b8 8c 6a e7 45 c7 <:n..orF=...j.E. | 0608: 3c 3a 6e c4 bb 6f 72 46 3d 9a b8 8c 6a e7 45 c7 | |||
| 0624: 0f 81 db 19 6e ce 65 74 ca db 73 ec 1e ce 5f d7 ....n.et..s..._. | 0624: 0f 81 db 19 6e ce 65 74 ca db 73 ec 1e ce 5f d7 | |||
| 0640: 43 6b fe ff c0 e1 61 26 aa b7 6f e0 dc 7f d1 de Ck....a&..o..... | 0640: 43 6b fe ff c0 e1 61 26 aa b7 6f e0 dc 7f d1 de | |||
| 0656: 95 f0 28 fd 24 9c 73 1c cf ef 3e fe 21 a1 e5 4e ..(.$.s...>.!..N | 0656: 95 f0 28 fd 24 9c 73 1c cf ef 3e fe 21 a1 e5 4e | |||
| 0672: 77 da db 12 01 7a e4 2c b5 f3 9d 30 e6 49 99 d6 w....z.,...0.I.. | 0672: 77 da db 12 01 7a e4 2c b5 f3 9d 30 e6 49 99 d6 | |||
| 0688: 21 58 cc 5b 5b d5 ff ca ea df 9a fd d6 73 be cd !X.[[........s.. | 0688: 21 58 cc 5b 5b d5 ff ca ea df 9a fd d6 73 be cd | |||
| 0704: ae 7c 0d ea 78 e4 dd 74 f9 93 53 21 70 b7 cd 16 .|..x..t..S!p... | 0704: ae 7c 0d ea 78 e4 dd 74 f9 93 53 21 70 b7 cd 16 | |||
| 0720: ea c7 e9 5d 01 e0 e3 e6 53 46 7f fa a0 48 3e 5b ...]....SF...H>[ | 0720: ea c7 e9 5d 01 e0 e3 e6 53 46 7f fa a0 48 3e 5b | |||
| 0736: af 64 46 ff 0f 0c b5 c9 92 48 e8 20 35 1d c8 ae .dF......H. 5... | 0736: af 64 46 ff 0f 0c b5 c9 92 48 e8 20 35 1d c8 ae | |||
| 0752: d8 c4 38 31 aa 2c b5 91 6b eb 86 ac 2b fa 86 f2 ..81.,..k...+... | 0752: d8 c4 38 31 aa 2c b5 91 6b eb 86 ac 2b fa 86 f2 | |||
| 0768: d1 bd 7d 51 4c be f3 bf 4b d0 f0 78 0e 20 d3 30 ..}QL...K..x. .0 | 0768: d1 bd 7d 51 4c be f3 bf 4b d0 f0 78 0e 20 d3 30 | |||
| 0784: fc f8 00 53 2a 6a 9b d9 e4 0e 08 d1 ad 52 7a ca ...S*j.......Rz. | 0784: fc f8 00 53 2a 6a 9b d9 e4 0e 08 d1 ad 52 7a ca | |||
| 0800: f3 8b 0e a8 fb 45 3c 66 03 66 b4 54 a5 3d 8e df .....E<f.f.T.=.. | 0800: f3 8b 0e a8 fb 45 3c 66 03 66 b4 54 a5 3d 8e df | |||
| 0816: 4a 8f 66 f0 16 44 3b a9 f1 b3 db bb 7e d6 38 e5 J.f..D;.....~.8. | 0816: 4a 8f 66 f0 16 44 3b a9 f1 b3 db bb 7e d6 38 e5 | |||
| 0832: 5f 62 27 bb ba 34 0a 6f 9b 78 dd ae 54 ab 54 53 _b'..4.o.x..T.TS | 0832: 5f 62 27 bb ba 34 0a 6f 9b 78 dd ae 54 ab 54 53 | |||
| 0848: 3a e1 d2 f1 d8 1e 8b 31 61 cd 69 8a 63 fb 7c 24 :......1a.i.c.|$ | 0848: 3a e1 d2 f1 d8 1e 8b 31 61 cd 69 8a 63 fb 7c 24 | |||
| 0864: 75 5f e6 6d 64 3d e4 12 cb 2d b3 6f 0f 5a 19 28 u_.md=...-.o.Z.( | 0864: 75 5f e6 6d 64 3d e4 12 cb 2d b3 6f 0f 5a 19 28 | |||
| 0880: 1f d6 f6 9c ee 44 11 1a c5 84 d6 e3 a2 05 5d d4 .....D........]. | 0880: 1f d6 f6 9c ee 44 11 1a c5 84 d6 e3 a2 05 5d d4 | |||
| 0896: 85 db f1 8f e4 17 df bc 4c 78 98 d1 70 3b 63 d6 ........Lx..p;c. | 0896: 85 db f1 8f e4 17 df bc 4c 78 98 d1 70 3b 63 d6 | |||
| 0912: a4 91 db f1 9e 16 23 fa e0 54 f6 64 d1 0b d0 d6 ......#..T.d.... | 0912: a4 91 db f1 9e 16 23 fa e0 54 f6 64 d1 0b d0 d6 | |||
| 0928: a6 fd f1 66 72 8c 65 d8 17 af c9 33 49 c8 e9 4d ...fr.e....3I..M | 0928: a6 fd f1 66 72 8c 65 d8 17 af c9 33 49 c8 e9 4d | |||
| 0944: 1c 0a 77 2b 96 86 f2 16 55 3a e3 f6 00 bb b6 5a ..w+....U:.....Z | 0944: 1c 0a 77 2b 96 86 f2 16 55 3a e3 f6 00 bb b6 5a | |||
| 0960: 86 f6 fc 3f d6 f9 a4 1d fd 29 1d 5b 65 dc b3 14 ...?.....).[e... | 0960: 86 f6 fc 3f d6 f9 a4 1d fd 29 1d 5b 65 dc b3 14 | |||
| 0976: 96 10 3e c1 9a 90 23 e8 88 81 24 42 68 7a aa 25 ..>...#...$Bhz.% | 0976: 96 10 3e c1 9a 90 23 e8 88 81 24 42 68 7a aa 25 | |||
| 0992: ba f3 50 bd b9 ae be dc b3 ff 39 81 44 89 00 9d ..P.......9.D... | 0992: ba f3 50 bd b9 ae be dc b3 ff 39 81 44 89 00 9d | |||
| 1008: 4e 26 d6 ef df 7c e0 53 d3 ed 34 07 3d f2 1e 42 N&...|.S..4.=..B | 1008: 4e 26 d6 ef df 7c e0 53 d3 ed 34 07 3d f2 1e 42 | |||
| 1024: 28 af 1d 12 ce 98 c7 b0 7b 90 81 b5 ea f3 2c (.......{....., | 1024: 28 af 1d 12 ce 98 c7 b0 7b 90 81 b5 ea f3 2c | |||
| server public key c25519: | server public key c25519: | |||
| 0000: 18 6c 55 03 db 1c 38 e3 40 d7 09 24 77 46 14 b8 .lU...8.@..$wF.. | 0000: 18 6c 55 03 db 1c 38 e3 40 d7 09 24 77 46 14 b8 | |||
| 0016: 5e e4 7f 19 98 04 9b 90 1f f6 b9 7f b0 70 9e 32 ^............p.2 | 0016: 5e e4 7f 19 98 04 9b 90 1f f6 b9 7f b0 70 9e 32 | |||
| shared secret | shared secret | |||
| 0000: 9b 73 7d 41 d6 cf bb 12 56 c5 8c ad 0a 6a e2 c9 .s}A....V....j.. | 0000: 9b 73 7d 41 d6 cf bb 12 56 c5 8c ad 0a 6a e2 c9 | |||
| 0016: bf 84 a9 0a 72 91 eb 52 e4 c1 81 c8 d2 44 7b 56 ....r..R.....D{V | 0016: bf 84 a9 0a 72 91 eb 52 e4 c1 81 c8 d2 44 7b 56 | |||
| client kem key: | client kem key: | |||
| 0000: 2c 0c 5a 36 e6 77 70 b4 d8 ab 38 9a 92 96 3a cd ,.Z6.wp...8...:. | 0000: 2c 0c 5a 36 e6 77 70 b4 d8 ab 38 9a 92 96 3a cd | |||
| 0016: 10 82 38 36 40 be 2d 66 08 02 b8 17 cf eb b9 be ..86@.-f........ | 0016: 10 82 38 36 40 be 2d 66 08 02 b8 17 cf eb b9 be | |||
| concatenation of KEM key and ECDH shared key: | concatenation of KEM key and ECDH shared key: | |||
| 0000: 2c 0c 5a 36 e6 77 70 b4 d8 ab 38 9a 92 96 3a cd ,.Z6.wp...8...:. | 0000: 2c 0c 5a 36 e6 77 70 b4 d8 ab 38 9a 92 96 3a cd | |||
| 0016: 10 82 38 36 40 be 2d 66 08 02 b8 17 cf eb b9 be ..86@.-f........ | 0016: 10 82 38 36 40 be 2d 66 08 02 b8 17 cf eb b9 be | |||
| 0032: 9b 73 7d 41 d6 cf bb 12 56 c5 8c ad 0a 6a e2 c9 .s}A....V....j.. | 0032: 9b 73 7d 41 d6 cf bb 12 56 c5 8c ad 0a 6a e2 c9 | |||
| 0048: bf 84 a9 0a 72 91 eb 52 e4 c1 81 c8 d2 44 7b 56 ....r..R.....D{V | 0048: bf 84 a9 0a 72 91 eb 52 e4 c1 81 c8 d2 44 7b 56 | |||
| encoded shared secret: | encoded shared secret: | |||
| 0000: 00 00 00 40 42 54 58 44 6f 22 75 63 04 de d7 5a ...@BTXDo"uc...Z | 0000: 00 00 00 40 42 54 58 44 6f 22 75 63 04 de d7 5a | |||
| 0016: 1f 23 fe f9 b1 8b 36 eb e0 e6 e2 60 c3 00 12 63 .#....6....`...c | 0016: 1f 23 fe f9 b1 8b 36 eb e0 e6 e2 60 c3 00 12 63 | |||
| 0032: b0 18 3f 42 49 07 e6 d8 22 b3 b7 6c 6c 38 37 b5 ..?BI..."..ll87. | 0032: b0 18 3f 42 49 07 e6 d8 22 b3 b7 6c 6c 38 37 b5 | |||
| 0048: b4 1f b0 d0 76 35 c7 57 e6 5e fb ef cb 5b c3 8a ....v5.W.^...[.. | 0048: b4 1f b0 d0 76 35 c7 57 e6 5e fb ef cb 5b c3 8a | |||
| 0064: 1a 15 a9 6d ...m | 0064: 1a 15 a9 6d | |||
| Figure 1 | Figure 1 | |||
| Acknowledgements | Acknowledgements | |||
| Jan Mojzis added "sntrup4591761x25519-sha512@tinyssh.org" to TinySSH | Jan Mojzis added "sntrup4591761x25519-sha512@tinyssh.org" to TinySSH | |||
| [TinySSH] in 2018, and Markus Friedl implemented it for OpenSSH | [TinySSH] in 2018, and Markus Friedl implemented it for OpenSSH | |||
| [OpenSSH] in 2019. In 2020, Damien Miller replaced sntrup4591761 | [OpenSSH] in 2019. In 2020, Damien Miller replaced sntrup4591761 | |||
| with sntrup761 in OpenSSH to create | with sntrup761 in OpenSSH to create | |||
| "sntrup761x25519-sha512@openssh.com". TinySSH added support for it | "sntrup761x25519-sha512@openssh.com". TinySSH added support for it | |||
| End of changes. 13 change blocks. | ||||
| 174 lines changed or deleted | 171 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||