On Fri, 29 May 2015, Hubert Kario wrote:

> Not really, no.
>
> We can use this time an initial seed of "OpenSSH 1024 bit prime, attempt #1".
> Next time we generate the primes we can use the initial seed of "2017 OpenSSH
> 1024 bit prime, attempt #1", but we can use just as well a "2nd generation
> OpenSSH 1024 bit DH parameters, try number 1". Then we can also change the
> algorithm to use this seed for M-R witnesses, or not. Then we can use SHA-512
> instead of SHA-256, or some SHA-3 variant.

If you're constantly changing the parameters, then this is the opposite of NUMS.

Anyway, I don't think a NUMS-like approach is necessary. It certainly isn't
with users independently generating primality certificates.

-d

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
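The seed-derived prime search the thread is debating, as an added example that is not OpenSSH's code or either poster's: a public seed string is expanded with SHA-256 in counter mode into a candidate, the Miller-Rabin witnesses are derived from the same seed (one of the variants Hubert mentions), and the attempt counter is returned so that anyone can re-run the search and confirm the published prime came from the stated seed. The function names, the `|candidate|`/`|witness|` domain-separation tags and the 64-bit size (chosen so it runs in well under a second) are assumptions for illustration; the seed strings are the ones quoted in the message.

```python
import hashlib

def _expand(seed: bytes, nbytes: int) -> bytes:
    """Expand a seed into nbytes with SHA-256 in counter mode."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:nbytes]

def is_probable_prime(n: int, witnesses) -> bool:
    """Miller-Rabin test of n against the given witness bases."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in witnesses:
        a %= n
        if a < 2:
            continue  # bases 0 and 1 tell us nothing; skip them
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a proves n composite
    return True

def nums_prime(seed: bytes, bits: int, rounds: int = 32):
    """Deterministic search for a probable prime from a public seed string.
    Returns (prime, attempts); the same seed reproduces both, so anyone can re-check."""
    nbytes, attempts = bits // 8, 0
    while True:
        tag = attempts.to_bytes(4, "big")
        cand = int.from_bytes(_expand(seed + b"|candidate|" + tag, nbytes), "big")
        cand |= (1 << (bits - 1)) | 1  # force exact bit length and oddness
        wdata = _expand(seed + b"|witness|" + tag, rounds * nbytes)  # M-R bases from the seed too
        witnesses = [int.from_bytes(wdata[i * nbytes:(i + 1) * nbytes], "big")
                     for i in range(rounds)]
        if is_probable_prime(cand, witnesses):
            return cand, attempts
        attempts += 1

if __name__ == "__main__":
    print(nums_prime(b"OpenSSH 1024 bit prime, attempt #1", 64))  # seed string quoted in the thread
```

Running it with the second seed string from the message yields an unrelated prime, which is Damien's point: the seed is itself a free choice, so the procedure only binds the generator once the seed and algorithm are fixed and published.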