Re: [Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group

On Wed 2015-05-27 18:02:40 -0400, mancha wrote:
> One reason the generator of the full (Z/pZ)* is avoided is because
> knowledge of g^a and g^b (both known to Mallory) leaks information about
> the shared secret g^(ab) via their Legendre symbols.

The Legendre symbol of g^(ab) is 1 bit; but the full |2q| group is 1
bit larger than the |q| subgroup.  Either way, we're not talking about a
radical change in cryptographic strength, right?  Or is there some way
to parlay knowledge of the Legendre symbol of g^(ab) into a larger attack?

   --dkg
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
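A toy illustration of the point under discussion, added here and not part of the thread or of OpenSSH: with a generator of the full group (Z/pZ)* a passive observer can compute the Legendre symbol of g^(ab) from g^a and g^b alone, while with a generator of the order-q subgroup that symbol is always 1. The safe prime p = 23 (q = 11) and the generators are constructed values, far too small for real use.

```python
# Added example, not from the thread: the Legendre-symbol leak for a full-group
# DH generator versus an order-q subgroup generator, on a constructed safe prime.

def legendre(x, p):
    """Legendre symbol (x/p) by Euler's criterion: 1 (residue), -1 or 0."""
    r = pow(x, (p - 1) // 2, p)
    return -1 if r == p - 1 else r

def observer_guess(ga, gb, p):
    """Symbol of g^(ab) computed from the public values only.
    If g is a non-residue, (g^a/p) = (-1)^a and (g^b/p) = (-1)^b, so
    (g^(ab)/p) = (-1)^(ab) is -1 exactly when both exponents are odd."""
    return -1 if legendre(ga, p) == -1 and legendre(gb, p) == -1 else 1

def dh_symbols(p, g, a, b):
    """Return (true symbol of the shared secret, observer's guess)."""
    ga, gb = pow(g, a, p), pow(g, b, p)
    return legendre(pow(ga, b, p), p), observer_guess(ga, gb, p)

def symbol_leak(p, g):
    """Over every exponent pair, check that the guess is always right and
    report which symbol values the shared secret actually takes."""
    seen = set()
    for a in range(1, p - 1):
        for b in range(1, p - 1):
            actual, guess = dh_symbols(p, g, a, b)
            assert actual == guess, "observer's guess must match"
            seen.add(actual)
    return seen

if __name__ == "__main__":
    p = 23                      # constructed safe prime, q = 11
    g_full = 5                  # quadratic non-residue: generates all of (Z/pZ)*
    g_sub = pow(g_full, 2, p)   # a square: generates the order-q subgroup
    print("full group, symbols of g^(ab) seen:", symbol_leak(p, g_full))  # {1, -1}
    print("subgroup, symbols of g^(ab) seen:", symbol_leak(p, g_sub))     # {1}
```

The full-group case leaks exactly the parity of a*b, the one bit referred to above; the subgroup case yields a constant.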