Re: Weak DH primes and openssh

On Sat, May 23, 2015 at 12:30 AM, David McBride <dwm37@xxxxxxxxx> wrote:

> On Fri, May 22, 2015 at 12:27:01, Darren Tucker <dtucker@xxxxxxxxxx>
> wrote:
>
> > Note that PuTTY does do Diffie-Hellman Group Exchange, but until very
> > recently (i.e. after their 0.64 release) they didn't do the one that was
> > actually standardized in RFC4419.  OpenSSH recently removed support for
> > that non-standard one and as a result we don't offer DHGEX to PuTTY
> > versions <= 0.64 so they'll fall back to group14 (2k bit fixed group).
>
> I think this is wrong.
>
> This commit [0] from 2005 appears to show the addition of
> diffie-hellman-group-exchange-sha256 support to PuTTY.
>

You're right, thanks for pointing this out.  When I looked at it I was
specifically looking at group-exchange-sha1 (because that was the thing
using the deprecated format) and overlooked sha256.

That does mean that there's a stronger case for removing 1kbit and 1.5kbit
groups from the moduli file because that would result in stronger groups
being used for versions of PuTTY from then until 0.64, which is the current
release as I write this.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
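The message above argues for dropping the 1kbit and 1.5kbit groups from the moduli file so that DHGEX clients such as PuTTY negotiate a stronger group. The following is an added example, not code from the thread or from the OpenSSH project, of how an administrator could audit a moduli file and write a filtered copy that keeps only groups of a chosen minimum size. It assumes the moduli(5) column layout (time, type, tests, tries, size, generator, modulus) and that the size column holds the prime's bit length minus one, as ssh-keygen writes it (2047 for a 2048-bit group); the sample lines below are constructed with placeholder moduli, not real primes.

```shell
#!/bin/sh
# Constructed sample in the moduli(5) column layout:
#   time type tests tries size generator modulus
# Assumption: the size column is the prime bit length minus one
# (1023 = 1024-bit, 1535 = 1536-bit, 2047 = 2048-bit, ...).
# The modulus values are placeholders, not real primes.
SAMPLE_MODULI=$(mktemp)
cat > "$SAMPLE_MODULI" <<'EOF'
# constructed sample, not a real moduli file
20150523000000 2 6 100 1023 2 F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0
20150523000000 2 6 100 1535 2 F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1
20150523000000 2 6 100 2047 5 F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2F2
20150523000000 2 6 100 3071 2 F3F3F3F3F3F3F3F3F3F3F3F3F3F3F3F3
20150523000000 2 6 100 4095 5 F4F4F4F4F4F4F4F4F4F4F4F4F4F4F4F4
EOF

# Print how many groups of each real bit length a moduli file contains.
summarize_moduli() {
    awk '!/^#/ && NF >= 7 { n[$5 + 1]++ }
         END { for (b in n) printf "%d-bit: %d\n", b, n[b] }' "$1" | sort -n
}

# Write a copy of a moduli file that keeps comment lines and only those
# groups whose real bit length is at least $2 (default 2048).
filter_moduli() {
    min=${2:-2048}
    awk -v min="$min" '/^#/ { print; next }
                       NF >= 7 && ($5 + 1) >= min { print }' "$1"
}

# Count the non-comment group entries in a moduli file (always exits 0).
count_groups() {
    awk '!/^#/ && NF >= 7 { c++ } END { print c + 0 }' "$1"
}

# Usage: audit the sample, then produce a filtered copy with a 2048-bit floor.
summarize_moduli "$SAMPLE_MODULI"
FILTERED=$(mktemp)
filter_moduli "$SAMPLE_MODULI" 2048 > "$FILTERED"
echo "kept $(count_groups "$FILTERED") of $(count_groups "$SAMPLE_MODULI") groups"
```

On a real system the same functions would be run against /etc/ssh/moduli (path assumed; it varies by distribution), and the filtered copy installed in its place before restarting sshd. Raising the floor only removes entries; it does not add larger groups, so a file that has none above the floor should be regenerated with ssh-keygen rather than emptied.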