The OpenBSD Project pushed out a new build on Thursday of the OpenSSH security suite, adding a new private key format, a new transport cipher and fixing 15 bugs in the Secure Shell.
OpenSSH version 6.5 adds support for key exchange using elliptic-curve Diffie-Hellman in cryptographer Daniel Bernstein’s Curve25519. A 32-byte secret key will now be the default when both the client and server support it.
Many encryption implementations are suspect after alleged subversion of widely used algorithms by the National Security Agency. Documents disclosed by NSA whistleblower Edward Snowden indicate the NSA inserted weakened crypto algorithms into NIST standards. The most flagrant may be Dual EC DRBG, which is the crypto library used by a number of commercial products including RSA BSafe. RSA Security and NIST warned developers to move off the algorithm.
Additionally, according to the release notes, 6.5 also adds support for the elliptic curve signature scheme Ed25519, a tweak that allows better security than the Digital Signature Algorithm (DSA) and its Elliptic Curve Digital Signature Algorithm (ECDSA) variant.
The new OpenSSH build is also set up to refuse old clients and servers that use a weaker key exchange hash calculation, including dated RSA keys from clients and servers “that use the obsolete RSA+MD5 signature scheme.”
The MD5 algorithm has been broken for so long that it is no longer an obstacle for hackers looking to crack it. It was last famously exploited in 2012 in an attack which saw the malware Flame forge a certificate from Microsoft.
OpenSSH will refuse connections entirely from anyone using these old clients or servers in a future build, but in the meantime will allow DSA keys.
A new transport cipher – chacha20-poly1305@openssh.com – based on algorithms (ChaCha20 and Poly1305 MAC) devised by Bernstein is also present in the update. Initially committed by OpenSSH developer Damien Miller back in November to replace the disintegrating RC4, the cipher should allow for better encryption going forward.
ChaCha, a variant of the stream cipher Salsa20, has been called faster in low-level implementations and more secure than its alternatives, winning the confidence of cryptographers in the last few years.
A new private key format that uses bcrypt as a key derivation method “to better protect keys at rest” has also been added to the latest OpenSSH.
Developers are calling 6.5 a “feature-focused release” and urging those who use it to update as soon as they can.
Those looking for a full rundown of the fixes and further information about 6.5’s new features can check out the release notes.