💾 Archived View for blitter.com › xs.gmi captured on 2024-05-26 at 14:20:55. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2024-05-10)

-=-=-=-=-=-=-

:: xs - the alternate PQC secure shell ::

🖜 Back

Intro

I have worked in the past on IPsec and integration of crypto algs into

wire protocols. I wanted to experiment with openssh, adding post-quantum

key exchanges and extra session (symmetric) crypto algs to it.

I sort of hit a wall trying to figure out how the openssh login phase

passed through session keys to the rest of the system. Fork hell.

I was just getting into Go ('golang') at the time, so I thought to

myself, "self, why don't you try writing your *own* secure shell in

pure Go, it might be a great learning experience!". Well, it was, and

the result is _xs_, the eXperimental Secure shell. I think it's pretty

darn nifty, and now use it full-time on my servers *instead* of ssh.

Go has a really great crypto library, and its structural typing system

made it quite easy to implement and/or integrate new crypto algs into

the program. It's easier to build than ssh, and I would argue is also

much easier to understand (source code is under 5% total SLOCC compared

to that of openssh, which is written in C).

It should also benefit from the built-in security of Go's safe runtime

(much less likelihood of buffer overflows and such).

Project is here, fetchable via 'go get':

Gogs git repository

Latest release v0.9.8 Dec. 5 2023

Changelog:

v0.9.8

- Addition of max bounds for chaff, rekey intervals; rekey interval 25% random jitter

v0.9.7

- Addition of optional cipher/hmac remodulation on rekeys and bounds-check on min chaff/rekey interval

v0.9.6

- Rekeying Support