Re: DH_GRP_MIN is currently 1024, should it be bumped to 2048?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Sat, Jul 25, 2015 at 9:25 AM, Mark D. Baushke <mdb@xxxxxxxxxxx> wrote:

> Greetings,
>
> Given the weakness with Diffie-Hellman modp groups less than 2048, is it
> time to bump the suggested 1024 bit minimum value from the RFC 4419 to a
> more current 2048 value for OpenSSH 7.0?
>

DH_GRP_MIN is used for 2 things:
 a) the client's minimum acceptable group size sent in the DH-GEX request.
 b) the lower bound of the group size picked out of the moduli file.

For a), the OpenSSH client has asked for preferred sizes no less that 2k
bits for a couple of years [1].  Changing the minimum in this case would
have no effect on (RFC compliant) servers that have groups >= 2k, and would
probably cause a connection failure on ones that do not.

For b), we recently removed the 1k groups from the moduli file, so the
minimum that can be offered is 1.5 kbit.

What would be the desired outcome of such a change to DH_GRP_MIN?
Rendering it such that DH-GEX doesn't work for a given connection makes it
much more likely that the connection would use one of the fixed groups, and
group1 in particular seems at much higher risk for LogJam style attacks
than even a 1k group from a large and changing set.

[1]
https://anongit.mindrot.org/openssh.git/commit/?id=df62d71e64d29d1054e7a53d1a801075ef70335f
[2]
https://anongit.mindrot.org/openssh.git/commit/moduli?id=5ab7d5fa03ad55bc438fab45dfb3aeb30a3c237a

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux