One of TinySSH's stated "features" is that it uses "no older cryptographic primitives - rsa, dsa, classic diffie-hellman, hmac-md5, hmac-sha1, 3des, arcfour, …"
While I would agree with almost all crypto in that list as being needing of removal, I am quite surprised by RSA being on that list.
I would like to see RSA host key support added to TinySSH.
All the best ciphers use a 256-bit session key. There is currently no way to protect this with a host key of equivalent strength. ed25519 is a great primitive, but far weaker than the session key it protects. There is a very basic rule that you never transmit keymat over a channel that is less secure than the security level of the keymat being transferred.
The only current host key primitive able to provide 256-bit grade host/client identity assurance is RSA.
One of TinySSH's stated "features" is that it uses "no older cryptographic primitives - rsa, dsa, classic diffie-hellman, hmac-md5, hmac-sha1, 3des, arcfour, …"
While I would agree with almost all crypto in that list as being needing of removal, I am quite surprised by RSA being on that list.
I would like to see RSA host key support added to TinySSH.
All the best ciphers use a 256-bit session key. There is currently no way to protect this with a host key of equivalent strength. ed25519 is a great primitive, but far weaker than the session key it protects. There is a very basic rule that you never transmit keymat over a channel that is less secure than the security level of the keymat being transferred.
The only current host key primitive able to provide 256-bit grade host/client identity assurance is RSA.