💾 Archived View for blitter.com › xs.gmi captured on 2024-05-12 at 15:02:47. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-05-10)
-=-=-=-=-=-=-
I have worked in the past on IPsec and integration of crypto algs into
wire protocols. I wanted to experiment with openssh, adding post-quantum
key exchanges and extra session (symmetric) crypto algs to it.
I sort of hit a wall trying to figure out how the openssh login phase
passed through session keys to the rest of the system. Fork hell.
I was just getting into Go ('golang') at the time, so I thought to
myself, "self, why don't you try writing your *own* secure shell in
pure Go, it might be a great learning experience!". Well, it was, and
the result is _xs_, the eXperimental Secure shell. I think it's pretty
darn nifty, and now use it full-time on my servers *instead* of ssh.
Go has a really great crypto library, and its structural typing system
made it quite easy to implement and/or integrate new crypto algs into
the program. It's easier to build than ssh, and I would argue is also
much easier to understand (source code is under 5% total SLOCC compared
to that of openssh, which is written in C).
It should also benefit from the built-in security of Go's safe runtime
(much less likelihood of buffer overflows and such).
Project is here, fetchable via 'go get':
Latest release v0.9.8 Dec. 5 2023
Changelog:
v0.9.8
- Addition of max bounds for chaff, rekey intervals; rekey interval 25% random jitter
v0.9.7
- Addition of optional cipher/hmac remodulation on rekeys and bounds-check on min chaff/rekey interval
v0.9.6
- Rekeying Support