On May 22, 2015 8:18 AM, "Darren Tucker" <dtucker@xxxxxxxxxx> wrote:
>
> On Thu, May 21, 2015 at 11:26 PM, Matthew Vernon <matthew@xxxxxxxxxx> wrote:
> >
> > You will be aware of https://weakdh.org/ by now, I presume; the
> > take-home seems to be that 1024-bit DH primes might well be too weak.
> > I'm wondering what (if anything!) you propose to do about this issue,
> > and what Debian might do for our users?
> >
>
> Would you (and any other vendors) consider generating your own moduli file
> for your distribution? If a few vendors did that it'd increase the
> diversity quite a lot and it'd stop us (well, specifically me) being the
> point of failure for not making updates.
>
> I have some scripts to split the screening (the CPU intensive part) up into
> 1 shard per CPU, which would let the whole process run in about a day on a
> decent sized machine. If there is any interest I can tidy them up and
> stick them in contrib/ or something.

Are the scripts public?

>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
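
An added example, not part of this thread and not the scripts mentioned above: a small audit of a moduli(5)-format file that counts Diffie-Hellman group-exchange entries by real modulus size and drops those below a threshold. The 2048-bit threshold, the function names and the sample entries (constructed hex strings, not real primes) are assumptions for illustration.

```python
from collections import Counter

MIN_BITS = 2048  # assumed policy; the thread only says 1024-bit may be too weak


def parse_moduli(text):
    """Yield (bits, fields) for every entry of a moduli(5)-format file."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # time, type, tests, trials, size, generator, modulus
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        # Measure the modulus itself instead of trusting the size column.
        bits = int(fields[6], 16).bit_length()
        yield bits, fields


def audit(text, min_bits=MIN_BITS):
    """Return ({bits: count}, number of entries below min_bits)."""
    sizes = Counter(bits for bits, _ in parse_moduli(text))
    weak = sum(n for bits, n in sizes.items() if bits < min_bits)
    return dict(sizes), weak


def strip_weak(text, min_bits=MIN_BITS):
    """Return the file content with entries below min_bits removed."""
    keep = [" ".join(f) for bits, f in parse_moduli(text) if bits >= min_bits]
    return "\n".join(keep) + "\n"


# Constructed sample: the moduli are filler hex of the right length, not primes.
SAMPLE = "\n".join([
    "# Time Type Tests Tries Size Generator Modulus",
    "20150101000000 2 6 100 1023 2 " + "F" * 256,
    "20150101000001 2 6 100 1535 2 " + "F" * 384,
    "20150101000002 2 6 100 2047 2 " + "F" * 512,
]) + "\n"

if __name__ == "__main__":
    sizes, weak = audit(SAMPLE)
    print("entries by size:", sizes, "| below threshold:", weak)
    print(strip_weak(SAMPLE), end="")
```
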