Hello everybody,

An issue was reported in RH bugzilla [1] about the size of the DH group used when combined with the 3des-cbc cipher. OpenSSH uses the actual key length for the size estimation. This is probably fine as long as the cipher has the same number of bits of security as the key length. But this is not true for 3TDEA, where the key size is 168 or 192 but its security is only 112. Given that the key size in OpenSSH is set to 192, the DH group size is estimated to be 7680. But according to NIST SP 800-57, the size of the DH key should be 2048, so OpenSSH doesn't follow that and it might cause problems with key exchanges with some servers.

Would it make sense to extend the Cipher struct with the bits of security and estimate the DH size from this value? Or do special handling just of 3des?

What do you think?

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1053107

Thanks,
Petr

--
Petr Lautrbach
Security Technologies
Red Hat

Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com.
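The two estimation rules discussed in the mail, side by side, as an added example (not OpenSSH code and not part of Petr's message): the DH modulus size is looked up in the NIST SP 800-57 Part 1 strength table once from the cipher's raw key length and once from a separate security-strength field. The `struct cipher` layout, its `security_bits` field and the small cipher table are constructed for illustration; the key lengths follow the mail (192 bits for 3des-cbc) and the 112-bit strength for three-key TDEA is the SP 800-57 figure.

```c
/* Added example, not OpenSSH code: estimate the DH group size from a
 * cipher's security strength rather than from its raw key length, as the
 * mail proposes. Struct layout and cipher table are constructed here. */
#include <stdio.h>
#include <string.h>

/* NIST SP 800-57 Part 1, Table 2: security strength (bits) -> finite
 * field (DH) modulus size in bits. */
static const struct { int strength; int dh_bits; } sp800_57_ffc[] = {
	{  80,  1024 },
	{ 112,  2048 },
	{ 128,  3072 },
	{ 192,  7680 },
	{ 256, 15360 },
};

struct cipher {
	const char *name;
	int key_len;       /* bits of keying material the cipher consumes */
	int security_bits; /* hypothetical new field: SP 800-57 strength */
};

/* Constructed table. 3des-cbc consumes 192 bits of key (3 x 64, parity
 * bits included) but three-key TDEA gives only 112 bits of security: a
 * meet-in-the-middle attack costs about 2^(2*56) work. For AES the
 * security strength equals the key length. */
static const struct cipher ciphers[] = {
	{ "3des-cbc",   192, 112 },
	{ "aes128-cbc", 128, 128 },
	{ "aes192-ctr", 192, 192 },
	{ "aes256-ctr", 256, 256 },
};

/* Smallest SP 800-57 DH modulus giving at least `bits` of security. */
int dh_bits_for_strength(int bits)
{
	size_t i, n = sizeof sp800_57_ffc / sizeof sp800_57_ffc[0];

	for (i = 0; i < n; i++)
		if (bits <= sp800_57_ffc[i].strength)
			return sp800_57_ffc[i].dh_bits;
	return sp800_57_ffc[n - 1].dh_bits; /* beyond the table: cap at largest */
}

static const struct cipher *cipher_by_name(const char *name)
{
	size_t i, n = sizeof ciphers / sizeof ciphers[0];

	for (i = 0; i < n; i++)
		if (strcmp(ciphers[i].name, name) == 0)
			return &ciphers[i];
	return NULL;
}

/* Behaviour the mail describes: estimate from the key length. -1 if unknown. */
int dh_estimate_from_key_len(const char *name)
{
	const struct cipher *c = cipher_by_name(name);
	return c ? dh_bits_for_strength(c->key_len) : -1;
}

/* Behaviour the mail proposes: estimate from the security strength. */
int dh_estimate_from_security(const char *name)
{
	const struct cipher *c = cipher_by_name(name);
	return c ? dh_bits_for_strength(c->security_bits) : -1;
}

int main(void)
{
	size_t i, n = sizeof ciphers / sizeof ciphers[0];

	printf("%-12s %8s %9s %11s %11s\n",
	    "cipher", "key_len", "strength", "dh(keylen)", "dh(strength)");
	for (i = 0; i < n; i++)
		printf("%-12s %8d %9d %11d %11d\n", ciphers[i].name,
		    ciphers[i].key_len, ciphers[i].security_bits,
		    dh_estimate_from_key_len(ciphers[i].name),
		    dh_estimate_from_security(ciphers[i].name));
	return 0;
}
```

Only the 3des-cbc row differs between the two columns (7680 versus 2048); for the AES entries the key length and the security strength coincide, so a strength-based estimate changes nothing for them. That is the same outcome as special-casing 3des, but it keeps the rule in data rather than in a branch.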