On Saturday 30 May 2015 00:09:47 Damien Miller wrote:
> On Fri, 29 May 2015, Hubert Kario wrote:
> > Not really, no.
> >
> > We can use this time an initial seed of "OpenSSH 1024 bit prime, attempt
> > #1". Next time we generate the primes we can use the initial seed of
> > "2017 OpenSSH 1024 bit prime, attempt #1", but we can use just as well a
> > "2nd generation OpenSSH 1024 bit DH parameters, try number 1". Then we
> > can also change the algorithm to use this seed for M-R witnesses, or not.
> > Then we can use SHA-512 instead of SHA-256, or some SHA-3 variant.
>
> If you're constantly changing the parameters, then this is the opposite of
> NUMS. Anyway, I don't think a NUMS-like approach is necessary. It certainly
> isn't with users independently generating primality certificates.

Yes, I'm not saying that we should regenerate them constantly, I'm just saying
that if the decision was ever to do that again, it's basically impossible to
predict now what those numbers will be.

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
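The seeded derivation the quoted message sketches, as an added Python example that is not OpenSSH code (ssh-keygen's moduli generation is a separate program with its own algorithm). Everything beyond the thread's own words is an assumption chosen for the illustration: the seed is the literal string "<label>, attempt #<n>" from the message, SHA-256 expands it into a candidate q with p = 2q + 1 (the safe-prime form used for OpenSSH moduli), and the Miller-Rabin witnesses are themselves derived from the seed, which is the "use this seed for M-R witnesses" option the message mentions. Running it with the two labels from the thread shows the point being made: the label is part of the input, so changing it yields an unrelated prime that nobody could have predicted from the first one. A verifier only needs the label, the bit size and the attempt number to replay the whole search.

```python
"""Seeded ("nothing up my sleeve") search for a safe prime p = 2q + 1.

Added example, not OpenSSH code. Assumptions: seed text "<label>, attempt #<n>"
as in the thread, SHA-256 as the expansion function, and Miller-Rabin bases
derived from the seed so that anyone can replay the identical primality test.
"""
import hashlib


def _small_primes(limit=1000):
    """Primes below `limit`, used for trial division ahead of Miller-Rabin."""
    sieve = bytearray([1]) * limit
    sieve[0] = sieve[1] = 0
    for i in range(2, int(limit ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(sieve[i * i::i]))
    return [i for i, is_p in enumerate(sieve) if is_p]


SMALL_PRIMES = _small_primes()


def seed_string(label, attempt):
    """Seed layout from the thread, e.g. 'OpenSSH 1024 bit prime, attempt #1'."""
    return f"{label}, attempt #{attempt}"


def expand(seed, bits):
    """Stretch SHA-256(seed || block counter) to `bits` bits; force the top
    bit (exact size) and the low bit (odd) of the candidate."""
    out, block = b"", 0
    while len(out) * 8 < bits:
        out += hashlib.sha256(seed.encode() + block.to_bytes(4, "big")).digest()
        block += 1
    n = int.from_bytes(out, "big") >> (len(out) * 8 - bits)
    return n | (1 << (bits - 1)) | 1


def witnesses(seed, n, rounds):
    """Miller-Rabin bases in [2, n-2] derived from the seed and n rather than
    from a random source, so the exact test is reproducible by a third party."""
    n_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    bases = []
    for i in range(rounds):
        h = hashlib.sha256(b"witness|" + seed.encode() + i.to_bytes(4, "big") + n_bytes).digest()
        bases.append(int.from_bytes(h, "big") % (n - 3) + 2)
    return bases


def miller_rabin(n, bases):
    """Strong probable-prime test of an odd n > 3 against the given bases."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness of compositeness
    return True


def is_probable_prime(n, seed, rounds=32):
    """Trial division by SMALL_PRIMES, then seeded Miller-Rabin."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    return miller_rabin(n, witnesses(seed, n, rounds))


def safe_prime_at(label, attempt, bits, rounds=32):
    """Return p if attempt number `attempt` under `label` yields a safe prime, else None."""
    seed = seed_string(label, attempt)
    q = expand(seed, bits - 1)
    p = 2 * q + 1
    if is_probable_prime(q, seed, rounds) and is_probable_prime(p, seed, rounds):
        return p
    return None


def find_safe_prime(label, bits, rounds=32):
    """Walk attempt #1, #2, ... and return (p, attempt) for the first safe prime."""
    attempt = 1
    while True:
        p = safe_prime_at(label, attempt, bits, rounds)
        if p is not None:
            return p, attempt
        attempt += 1


def verify_derivation(label, bits, p, attempt, rounds=32):
    """Replay the search: every earlier attempt must fail and attempt `attempt`
    must produce exactly p. This is what a NUMS claim lets others check."""
    if any(safe_prime_at(label, a, bits, rounds) is not None for a in range(1, attempt)):
        return False
    return safe_prime_at(label, attempt, bits, rounds) == p


if __name__ == "__main__":
    # Labels taken from the thread; 128 bits keeps the demo quick (1024 takes far longer).
    for label in ("OpenSSH 1024 bit prime", "2017 OpenSSH 1024 bit prime"):
        p, attempt = find_safe_prime(label, 128)
        print(f"{label!r}: attempt #{attempt} -> p = {p:#x}")
```

The bit size is a parameter so the demo stays fast; at 1024 bits the same loop needs on the order of a million attempts because safe primes of that size are rare, which is why the "attempt #N" counter in the seed matters for anyone replaying the search.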