On Mon, 17 Feb 2014, Hubert Kario wrote:

> > I choose standards and objective guidelines over your personal
> > definitions of "relatively secure" and "normal person".
>
> The standards say quite explicitly: iff 3DES => 2k DH. iff AES-128 => 3k DH.
> They don't say if SHA-1 MAC => 7k DH.
>
> But that's what current code is doing.
>
> FIPS (it even has "Standard" in the name) says that we shouldn't use
> DH with keys over 3072 bits, ever. Why are you not following it?

FIPS always lags good practice. E.g. permitting single DES until 2007.

-d

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev