Re: Weak DH primes and openssh

On Fri, May 22, 2015 at 12:27:01, Darren Tucker <dtucker@xxxxxxxxxx> wrote:

> Note that PuTTY does do Diffie-Hellman Group Exchange, but until very
> recently (i.e. after their 0.64 release) they didn't do the one that was
> actually standardized in RFC4419.  OpenSSH recently removed support for
> that non-standard one and as a result we don't offer DHGEX to PuTTY
> versions <= 0.64 so they'll fall back to group14 (2k bit fixed group).

I think this is wrong.

This commit [0] from 2005 appears to show the addition of
diffie-hellman-group-exchange-sha256 support to PuTTY.

I've also just successfully connected to a local test OpenSSH server
(v6.7p1, as packaged by Debian) with only
diffie-hellman-group-exchange-sha256 enabled with an older release of
PuTTY (0.63) without any issue.

Indeed, PuTTY explicitly reported in its event log that it performed
key-exchange using Diffie-Hellman group exchange and SHA-256, so I'm
quite sure this is working!

Unless there's more than one key-exchange mechanism going by the name
diffie-hellman-group-exchange-sha256?

Kind regards,
David

[0]
http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commit;h=91319142781a69cb16053c180870878749477012

-- 
David McBride <dwm37@xxxxxxxxx>
Unix Specialist, University Information Services
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



