Support for ed5519 ssh Keys in UniFi Controller
Submitted by kb9gxk - a month ago
Status: New Idea
Since ed5519 keys are considered more secure than RSA, can support for these new keys be added to the Unifi Controller. Suuuprt already exisits on the devices.
As security features, Ed25519 does not use branch operations and array indexing steps that depend on secret data, so as to defeat many side channel attacks. Like other discrete-log-based signature schemes, EdDSA uses a secret value called a nonce unique to each signature. In the signature schemes DSA and ECDSA, this nonce is traditionally generated randomly for each signature—and if the random number generator is ever broken and predictable when making a signature, the signature can leak the private key, as happened with the Sony PlayStation 3 firmware update signing key.[8][9] In contrast, EdDSA chooses the nonce deterministically as the hash of the private key and the message. Thus, once a private key is generated, EdDSA has no further need for a random number generator in order to make signatures, and there is no danger that a broken random number generator used to make a signature will reveal the private key.
Idea Statuses
- New Idea (503)
- Accepted (57)
- Future Consideration (0)
- Implemented (95)
- Invalid (27)
- Under Consideration (3)
Latest Comments
- Jocee on: SFP link aggregation US-16-150W and US 24-500W
-
UBNT-cmb on: Fail-over WAN log
- greatwhitehat on: Double DDNS
- blackglove9 on: Don't expose username-login on forum
- peggleg on: UBNT Modems
- node808 on: Ability to clone the a routers Mac address in the GUI
- adamjb on: LLDP Timers
- Lupos on: Isolated VLANs
- bernardssupport on: REQUEST - DPI Custom Category for Business Process
- scott_thomson on: config.gateway.json editor available in GUI
Latest Ideas
- WEB FILTERING feature enhancement
- SFP link aggregation US-16-150W and US 24-500W
- Ability to group/segregate firewall rules in the GUI
- Fail-over WAN log
- please enable LAN2 port on USG 3p to be bridged with the LAN1 network
- let us customize LAN2 port on USG! (please) :)
- Mac and ip logging
- Domain based Portforward.
- Double DDNS
- USG WAN port details
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.