On Fri 2015-05-22 00:06:29 -0400, Darren Tucker wrote:
> On Thu, May 21, 2015 at 11:26 PM, Matthew Vernon <matthew@xxxxxxxxxx> wrote:
>>
>> You will be aware of https://weakdh.org/ by now, I presume; the
>> take-home seems to be that 1024-bit DH primes might well be too weak.
>> I'm wondering what (if anything!) you propose to do about this issue,
>> and what Debian might do for our users?
>
> Would you (and any other vendors) consider generating your own moduli file
> for your distribution? If a few vendors did that it'd increase the
> diversity quite a lot and it'd stop us (well, specifically me) being the
> point of failure for not making updates.

(thanks for making the recent moduli update, Darren!)

This is an interesting proposal as a way to increase group diversity,
but it also creates a non-obvious fingerprinting channel.

That is, distro-specific groups would provide a way that someone
scanning to find out what distro is in use can make a more accurate
guess based on the primes offered.

I grant that Debian's current patches that add the Debian revision
themselves provide a fingerprinting mechanism, but those can be disabled
on Debian with "DebianBanner no" in sshd_config.

We'd want to make sure that distro-specific moduli don't re-introduce
fingerprinting for operators who want to hide their choice of distro.

        --dkg

PS Darren, has there been any attempt at generating primality proofs for
the values in ./moduli, as opposed to 100 rounds of Miller-Rabin? It
would be a shame for a pseudoprime to slip in, however unlikely that
would be.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
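
An added example, not part of the original message and not OpenSSH code: a Python audit of a moduli file that reports, per group, the modulus bit length and whether p and (p-1)/2 pass Miller-Rabin, the probabilistic test the PS refers to. The field order follows moduli(5); `audit_moduli`, `MIN_BITS` and the 2048-bit threshold are assumptions made here, and the sample entries are constructed toy values so the checks run instantly.

```python
import random

MIN_BITS = 2048  # assumed policy; the thread only says 1024-bit may be too weak
# Constructed toy entries; fields: time type tests tries size generator modulus
SAMPLE = """\
20150522000000 2 6 100 10 2 7F7
20150522000000 2 6 100 11 2 805
20150522000000 2 6 100 9 2 231
20150522000000 2 6 100 4 5 17
"""

def is_probable_prime(n, rounds=100):
    """Miller-Rabin with random bases: probabilistic, not a primality proof."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # this base is a witness that n is composite
    return True

def audit_moduli(text, min_bits=MIN_BITS):
    """Return (bit_length, verdict) per entry; the size field is not trusted."""
    results = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        try:
            p = int(fields[6], 16)
        except (IndexError, ValueError):
            results.append((0, "malformed"))
            continue
        if not is_probable_prime(p):
            verdict = "composite"  # e.g. 0x231 = 561, a Carmichael number
        elif not is_probable_prime((p - 1) // 2):
            verdict = "not-safe-prime"
        else:
            verdict = "ok" if p.bit_length() >= min_bits else "too-small"
        results.append((p.bit_length(), verdict))
    return results
```

To audit a real file, pass its contents, for example `audit_moduli(open("/etc/ssh/moduli").read())`; a 100-round check of large moduli takes noticeably longer than the toy sample.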