From dc9ab5e0f0c52f7f41960c807ae73a4e857a3df4 Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Fri, 21 Oct 2022 17:46:38 +0100 Subject: [PATCH] Rename NTRU Prime / Curve25519 kex in UI. The previous name, which included '(quantum-resistant)', was too long to be completely seen in the Windows config dialog's kex list (which is narrower than the Gtk one, due to the Up/Down buttons). No point including that explanation if people can't actually read it, so we'll have to rely on docs to explain it. (I did try squashing the rest of the name to "SNTRUP/X25519 hybrid", but that wasn't enough.) As some sort of compensation, index it more thoroughly in the docs, and while I'm there, tweak the indexing of other key exchange algorithms too. --- config.c | 3 +-- doc/config.but | 16 ++++++++-------- doc/index.but | 10 ++++++++++ 3 files changed, 19 insertions(+), 10 deletions(-) diff --git a/config.c b/config.c index 3885c7be..8cdeee24 100644 --- a/config.c +++ b/config.c @@ -569,8 +569,7 @@ static void kexlist_handler(dlgcontrol *ctrl, dlgparam *dlg, { "Diffie-Hellman group exchange", KEX_DHGEX }, { "RSA-based key exchange", KEX_RSA }, { "ECDH key exchange", KEX_ECDH }, - { "NTRU Prime / Curve25519 hybrid kex" - " (quantum-resistant)", KEX_NTRU_HYBRID }, + { "NTRU Prime / Curve25519 hybrid kex", KEX_NTRU_HYBRID }, { "-- warn below here --", KEX_WARN } }; diff --git a/doc/config.but b/doc/config.but index 32973ed7..21ff0bb5 100644 --- a/doc/config.but +++ b/doc/config.but @@ -2347,17 +2347,17 @@ cipher selection (see \k{config-ssh-encryption}). PuTTY currently supports the following key exchange methods: -\b \q{NTRU Prime / Curve25519 hybrid}: NTRU Prime is a lattice-based -algorithm intended to resist quantum attacks. In this key exchange -method, it is run in parallel with a conventional Curve25519-based -method (one of those included in \q{ECDH}), in such a way that it -should be no \e{less} secure than that commonly-used method, and -hopefully also resistant to a new class of attacks. +\b \q{NTRU Prime / Curve25519 hybrid}: \q{\i{Streamlined NTRU Prime}} +is a lattice-based algorithm intended to resist \i{quantum attacks}. +In this key exchange method, it is run in parallel with a conventional +Curve25519-based method (one of those included in \q{ECDH}), in such +a way that it should be no \e{less} secure than that commonly-used +method, and hopefully also resistant to a new class of attacks. -\b \q{ECDH}: \i{elliptic curve} \i{Diffie-Hellman key exchange}, +\b \q{\i{ECDH}}: elliptic curve Diffie-Hellman key exchange, with a variety of standard curves and hash algorithms. -\b The original form of \q{Diffie-Hellman} key exchange, with a +\b The original form of \i{Diffie-Hellman key exchange}, with a variety of well-known groups and hashes: \lcont{ diff --git a/doc/index.but b/doc/index.but index ac1a317d..187f5a1e 100644 --- a/doc/index.but +++ b/doc/index.but @@ -688,6 +688,16 @@ saved sessions from \IM{group exchange} Diffie-Hellman group exchange \IM{group exchange} group exchange, Diffie-Hellman +\IM{ECDH} \q{ECDH} (elliptic-curve Diffie-Hellman) +\IM{ECDH} elliptic-curve Diffie-Hellman key exchange +\IM{ECDH} key exchange, elliptic-curve Diffie-Hellman +\IM{ECDH} Diffie-Hellman key exchange, with elliptic curves + +\IM{Streamlined NTRU Prime} Streamlined NTRU Prime +\IM{Streamlined NTRU Prime} NTRU Prime + +\IM{quantum attacks} quantum attacks, resistance to + \IM{repeat key exchange} repeat key exchange \IM{repeat key exchange} key exchange, repeat