On Friday 22 May 2015 16:22:13 Daniel Kahn Gillmor wrote:
> On Fri 2015-05-22 00:06:29 -0400, Darren Tucker wrote:
> > On Thu, May 21, 2015 at 11:26 PM, Matthew Vernon <matthew@xxxxxxxxxx> wrote:
> >> You will be aware of https://weakdh.org/ by now, I presume; the
> >> take-home seems to be that 1024-bit DH primes might well be too weak.
> >> I'm wondering what (if anything!) you propose to do about this issue,
> >> and what Debian might do for our users?
> >
> > Would you (and any other vendors) consider generating your own moduli file
> > for your distribution? If a few vendors did that it'd increase the
> > diversity quite a lot and it'd stop us (well, specifically me) being the
> > point of failure for not making updates.
>
> (thanks for making the recent moduli update, Darren!)
>
> This is an interesting proposal as a way to increase group diversity,
> but it also creates a non-obvious fingerprinting channel. That is,
> distro-specific groups would provide a way that someone scanning to find
> out what distro is in use can make a more accurate guess based on the
> primes offered.
>
> I grant that debian's current patches that add the debian revision
> themselves provide a fingerprinting mechanism, but those can be disabled
> on Debian with "DebianBanner no" in sshd_config. We'd want to make sure
> that distro-specific moduli don't re-introduce fingerprinting for
> operators who want to hide their choice of distro.
>
> --dkg
>
> PS Darren, has there been any attempt at generating primality proofs for
> the values in ./moduli, as opposed to 100 rounds of Miller-Rabin? It
> would be a shame for a pseudoprime to slip in, however unlikely that
> would be.

Creating composites that will pass even 100000 rounds of Miller-Rabin is
relatively simple.... (assuming the values for M-R tests are picked randomly)

I'd be against shipping any primes that are not generated from known,
expected values, like hash of "OpenSSH 1024 bit DH prime, try #1"

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
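As an added illustration of the seeded-generation idea raised in the message above (example code, not from the thread, from OpenSSH or from Debian): every candidate modulus is derived from the hash of a public seed string plus a counter, the search keeps the first safe prime (p and (p-1)/2 both prime), and anyone holding the seed and counter can recompute the candidate and re-run the primality test instead of trusting the shipped number. Miller-Rabin bases come from the OS RNG, matching the "picked randomly" assumption in the message; no primality proof is attempted. The seed string is the one quoted in the message; the function names, the `seed|counter|block` expansion layout and the 64-bit size (chosen so the search finishes quickly) are assumptions for this example, not any project's format, and real DH moduli are 2048 bits or more.

```python
"""Seeded ("nothing up my sleeve") safe-prime generation and re-verification.

Added example, not OpenSSH or Debian code. Seed layout, names and bit
size are assumptions for illustration only.
"""
import hashlib
import random

# Small primes (2 plus odd primes below 200) for trial division before
# the comparatively expensive Miller-Rabin rounds.
SMALL_PRIMES = [2] + [p for p in range(3, 200, 2)
                      if all(p % d for d in range(3, int(p ** 0.5) + 1, 2))]


def is_probable_prime(n, rounds=64):
    """Miller-Rabin with bases drawn fresh from the OS RNG for every call.

    A composite engineered to fool a fixed, published base list gets no
    help here, because the bases are not known before the test runs.
    """
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    # Write n - 1 = d * 2^r with d odd.
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.SystemRandom()
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def candidate_from_seed(seed, counter, bits):
    """Expand SHA-256(seed|counter|block) into a `bits`-bit odd integer.

    The top bit is forced so the value has exactly `bits` bits; the low
    two bits are forced to 11 so p = 3 (mod 4), which makes q = (p-1)/2
    odd, a precondition for p being a safe prime.
    """
    out = b""
    block = 0
    while len(out) * 8 < bits:
        out += hashlib.sha256(f"{seed}|{counter}|{block}".encode()).digest()
        block += 1
    n = int.from_bytes(out, "big") >> (len(out) * 8 - bits)
    return n | (1 << (bits - 1)) | 3


def generate_safe_prime(seed, bits, max_tries=200000):
    """Return (p, counter) for the first seeded candidate that is a safe prime."""
    for counter in range(max_tries):
        p = candidate_from_seed(seed, counter, bits)
        q = (p - 1) // 2
        # Test q first: most candidates fail there cheaply via trial division.
        if is_probable_prime(q) and is_probable_prime(p):
            return p, counter
    raise RuntimeError("no safe prime found within max_tries")


def verify_safe_prime(seed, counter, p, bits):
    """Independent check: p must be exactly the seeded candidate AND a safe prime."""
    if candidate_from_seed(seed, counter, bits) != p:
        return False
    return is_probable_prime((p - 1) // 2) and is_probable_prime(p)


if __name__ == "__main__":
    SEED = "OpenSSH 1024 bit DH prime, try #1"   # seed string quoted in the message
    p, counter = generate_safe_prime(SEED, 64)   # 64 bits for speed; real moduli are 2048+
    print(f"seed={SEED!r} counter={counter} p={p:#x} ({p.bit_length()} bits)")
    print("re-verification:", verify_safe_prime(SEED, counter, p, 64))
    print("tampered value :", verify_safe_prime(SEED, counter, p + 8, 64))
```

Because the candidate sequence is a pure function of the seed and counter, a reviewer who distrusts the shipped file needs only the seed and counter per modulus to reproduce it; the random-base Miller-Rabin still only gives probabilistic assurance, so the primality-proof question raised earlier in the thread is left open by this example.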
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev