On 09/11/2015 11:35 AM, Alice Wonder wrote:
> I was reading https://weakdh.org/sysadmin.html
> They also have a very interesting paper as a PDF.
> Anyway it appears that most ssh servers, when using DHE key exchange,
> use the 1024-bit Oakley Group 2 and there is suspicion the NSA has
> done the pre-computations needed to passively decrypt any tls
> communication using DHE with that particular prime group.
> They recommend setting the following:
> KexAlgorithms curve25519-sha256@xxxxxxxxxx
> I don't even see that directive in my sshd config to set it, I suppose
> it may be one that is manually added when needed but I want to verify
> it actually means something in CentOS 7 ssh.
> Also I'm a little worried that maybe curve25519 is one of the curves
> that Red Hat (and thus CentOS 7) doesn't support due to patent concerns.

There are no patent concerns with Dan's c25519. But its acceptance by
the standards communities is new. Like really summer 2014 at the
Toronto IETF. Typical Dan presentation...
It HAS been around for some time and has been extensively reviewed. The
code is really clean and easy to review and implement, even in highly
constrained devices.

> If it is, is there a suggestion on what curve should be used instead?
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
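One way to check what the thread asks (whether the local OpenSSH build knows a curve25519 key exchange, and whether the 1024-bit Oakley Group 2 exchange is still enabled), as an added example that is not part of either poster's message. It assumes OpenSSH's `ssh -Q kex` and `sshd -T` are available; the function names and the sample configuration dump are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Read `sshd -T`-style text on stdin and print the effective
# KexAlgorithms, one name per line.
effective_kex() {
    awk '$1 == "kexalgorithms" {
             n = split($2, a, ",")
             for (i = 1; i <= n; i++) print a[i]
         }'
}

# Read kex names (one per line, the format `ssh -Q kex` prints) and
# classify each one as "<class> <name>".
audit_kex() {
    while IFS= read -r kex; do
        case "$kex" in
            # Prefix match, so a vendor-suffixed name such as the one
            # quoted in the thread is recognised as well.
            curve25519-sha256*)              echo "curve25519 $kex" ;;
            # group1 is the fixed 1024-bit Oakley Group 2 prime.
            diffie-hellman-group1-sha1)      echo "weak-1024 $kex" ;;
            # Group exchange takes its primes from the server's moduli
            # file, so the strength depends on what that file offers.
            diffie-hellman-group-exchange-*) echo "moduli-dependent $kex" ;;
            *)                               echo "other $kex" ;;
        esac
    done
}

# Constructed sample of `sshd -T` output (not taken from a real host).
sample_sshd_T() {
    cat <<'EOF'
port 22
kexalgorithms curve25519-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
ciphers aes128-ctr
EOF
}

# Offline demonstration on the constructed sample.
sample_sshd_T | effective_kex | audit_kex

# On a live host (sshd -T needs root):
#   ssh -Q kex | audit_kex                 # what the build supports
#   sshd -T | effective_kex | audit_kex    # what the daemon will offer
```

An empty result for the `curve25519` class from `ssh -Q kex` means the installed build does not support that exchange, and a `weak-1024` line from `sshd -T` means the group named in the thread is still being offered.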