03/11/13 - 04:02pm
A while back, I introduced a new key exchange mechanism, “email@example.com” in our code base. The reasons were explained together with the specifications. In a nutshell, this key exchange function is based on DJB’s Curve25519 elliptic curve Diffie-Hellman key exchange. This algorithm does not rely on NIST-based curves and gives us more security confidence against a possible backdoor in nistp-256 curve.
Today is a big day for us because OpenSSH team approved my patch and made firstname.lastname@example.org the default key exchange !