Support for ed5519 ssh Keys in UniFi Controller

Submitted by - a month ago
Status: New Idea

Since ed5519 keys are considered more secure than RSA, can support for these new keys be added to the Unifi Controller.  Suuuprt already exisits on the devices.

As security features, Ed25519 does not use branch operations and array indexing steps that depend on secret data, so as to defeat many side channel attacks.

Like other discrete-log-based signature schemes, EdDSA uses a secret value called a nonce unique to each signature. In the signature schemes DSA and ECDSA, this nonce is traditionally generated randomly for each signature—and if the random number generator is ever broken and predictable when making a signature, the signature can leak the private key, as happened with the Sony PlayStation 3 firmware update signing key.[8][9] In contrast, EdDSA chooses the nonce deterministically as the hash of the private key and the message. Thus, once a private key is generated, EdDSA has no further need for a random number generator in order to make signatures, and there is no danger that a broken random number generator used to make a signature will reveal the private key.