Re: Weak DH primes and openssh

On Saturday 30 May 2015 00:09:47 Damien Miller wrote:
> On Fri, 29 May 2015, Hubert Kario wrote:
> > Not really, no.
> > 
> > We can use this time an initial seed of "OpenSSH 1024 bit prime, attempt
> > #1". Next time we generate the primes we can use the initial seed of
> > "2017 OpenSSH 1024 bit prime, attempt #1", but we can use just as well a
> > "2nd generation OpenSSH 1024 bit DH parameters, try number 1". Then we
> > can also change the algorithm to use this seed for M-R witnesses, or not.
> > Then we can use SHA-512 instead of SHA-256, or some SHA-3 variant.
> 
> If you're constantly changing the parameters, then this is the opposite of
> NUMS. Anyway, I don't think a NUMS-like approach is necessary. It certainly
> isn't with users independently generating primality certificates.

Yes, I'm not saying that we should regenerate them constantly; I'm just saying
that if the decision was ever to do that again, it's basically impossible to
predict now what those numbers will be.

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
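
Added example (not part of the original message and not OpenSSH code): a sketch of seed-based safe-prime derivation showing that the seed text and the hash function are both free choices, each yielding an unrelated prime. The function names, the counter-mode expansion and the 128-bit demo size are assumptions made for illustration; only the seed strings come from the thread.

```python
import hashlib

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)

def expand(seed: bytes, nbytes: int, hash_name: str) -> bytes:
    """Stretch seed to nbytes as H(seed || counter) blocks (assumed construction)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:nbytes]

def is_probable_prime(n: int, seed: bytes, hash_name: str, rounds: int = 32) -> bool:
    """Miller-Rabin whose witnesses come from the seed and n, not from an RNG."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    size = (n.bit_length() + 7) // 8 + 8  # extra bytes keep modulo bias negligible
    stream = expand(b"witness" + seed + n.to_bytes(size, "big"), rounds * size, hash_name)
    for i in range(rounds):
        a = 2 + int.from_bytes(stream[i * size:(i + 1) * size], "big") % (n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def derive_safe_prime(seed: str, bits: int, hash_name: str = "sha256") -> int:
    """First safe prime p (p and (p-1)/2 prime) at or above the seed-derived start."""
    raw = seed.encode()
    p = int.from_bytes(expand(raw, bits // 8, hash_name), "big")
    p |= (1 << (bits - 1)) | 3  # force exact bit length and p % 4 == 3
    while p.bit_length() == bits:
        if is_probable_prime((p - 1) // 2, raw, hash_name) and is_probable_prime(p, raw, hash_name):
            return p
        p += 4
    raise ValueError("search ran past the requested bit length")

if __name__ == "__main__":
    # Seed strings quoted in the thread; 128 bits only so the demo finishes quickly.
    for label in ("OpenSSH 1024 bit prime, attempt #1", "2017 OpenSSH 1024 bit prime, attempt #1"):
        for h in ("sha256", "sha512"):
            print(h, repr(label), hex(derive_safe_prime(label, 128, h)))
```

Anyone can rerun the derivation and confirm the published prime follows from the published seed, but nothing in the output shows how many seed or hash variants were tried before one was published.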
