Re: Weak DH primes and openssh

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



> Can this be addressed in ssh_config/sshd_config with the KexAlgorithms setting?


weakdh.org/sysadmin.html recommends adding:

KexAlgorithms curve25519-sha256@xxxxxxxxxx

But this thread makes it sound as if it's not necessary.  Can anyone
confirm?  Personally I'm on openssh-6.7.

- Grant


> You will be aware of https://weakdh.org/ by now, I presume; the take-home seems to be that 1024-bit DH primes might well be too weak.
> I'm wondering what (if anything!) you propose to do about this issue, and what Debian might do for our users?
>
> openssh already prefers ECDH, which must reduce the impact somewhat, although the main Windows client (PuTTY) doesn't support ECDH yet. But openssh does still offer diffie-hellman-group1-sha1 (uses a 1024-bit
> group) and diffie-hellman-group14-sha1 (uses a 2047-bit group), which must be considered a bit suspect? Of course RFC4253 says implementations MUST offer these...
>
> The moduli file you provide has this distribution of sizes:
>
> size  count
> 1023  36
> 1535  50
> 2047  36
> 3071  31
> 4095  41
> 6143  27
> 8191  39
>
> Would it be sensible to remove the <2047 moduli? Generating the larger ones is quite time-consuming on non-specialist kit, which would seem to argue against re-generating them on users' machines.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux