Weak DH primes and openssh

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi,

You will be aware of https://weakdh.org/ by now, I presume; the
take-home seems to be that 1024-bit DH primes might well be too weak.
I'm wondering what (if anything!) you propose to do about this issue,
and what Debian might do for our users?

openssh already prefers ECDH, which must reduce the impact somewhat,
although the main Windows client (PuTTY) doesn't support ECDH yet. But
openssh does still offer diffie-hellman-group1-sha1 (uses a 1024-bit
group) and diffie-hellman-group14-sha1 (uses a 2047-bit group), which
must be considered a bit suspect? Of course RFC4253 says implementations
MUST offer these...

The moduli file you provide has this distribution of sizes:

size  count
1023  36
1535  50
2047  36
3071  31
4095  41
6143  27
8191  39

Would it be sensible to remove the <2047 moduli? Generating the larger
ones is quite time-consuming on non-specialist kit, which would seem to
argue against re-generating them on users' machines.

Regards,

Matthew
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux