Re: Weak DH primes and openssh

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On May 22, 2015 8:18 AM, "Darren Tucker" <dtucker@xxxxxxxxxx> wrote:
>
> On Thu, May 21, 2015 at 11:26 PM, Matthew Vernon <matthew@xxxxxxxxxx>
wrote:
> >
> > You will be aware of https://weakdh.org/ by now, I presume; the
> > take-home seems to be that 1024-bit DH primes might well be too weak.
> > I'm wondering what (if anything!) you propose to do about this issue,
> > and what Debian might do for our users?
>
>
> Would you (and any other vendors) consider generating your own moduli file
> for your distribution?  If a few vendors did that it'd increase the
> diversity quite a lot and it'd stop us (well, specifically me) being the
> point of failure for not making updates.
>
> I have some scripts to split the screening (the CPU intensive part) up
into
> 1 shard per CPU, which would let the whole process run in about a day on a
> decent sized machine.  If there is any interest I can tidy them up and
> stick them in contrib/ or something.

Are the scripts public ?
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux