On Sat, Jul 25, 2015 at 9:25 AM, Mark D. Baushke <mdb@xxxxxxxxxxx> wrote:
> Greetings,
>
> Given the weakness with Diffie-Hellman modp groups less than 2048, is it
> time to bump the suggested 1024 bit minimum value from the RFC 4419 to a
> more current 2048 value for OpenSSH 7.0?
>

DH_GRP_MIN is used for 2 things:
a) the client's minimum acceptable group size sent in the DH-GEX request.
b) the lower bound of the group size picked out of the moduli file.

For a), the OpenSSH client has asked for preferred sizes no less than 2k
bits for a couple of years [1]. Changing the minimum in this case would
have no effect on (RFC compliant) servers that have groups >= 2k, and would
probably cause a connection failure on ones that do not.

For b), we recently removed the 1k groups from the moduli file, so the
minimum that can be offered is 1.5 kbit.

What would be the desired outcome of such a change to DH_GRP_MIN?
Rendering it such that DH-GEX doesn't work for a given connection makes it
much more likely that the connection would use one of the fixed groups, and
group1 in particular seems at much higher risk for LogJam style attacks
than even a 1k group from a large and changing set.

[1] https://anongit.mindrot.org/openssh.git/commit/?id=df62d71e64d29d1054e7a53d1a801075ef70335f
[2] https://anongit.mindrot.org/openssh.git/commit/moduli?id=5ab7d5fa03ad55bc438fab45dfb3aeb30a3c237a

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
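An added example, not part of the original message and not OpenSSH code: a simplified Python model of how a DH-GEX request (min, preferred, max) interacts with the group sizes in a moduli file, showing the case where raising the minimum to 2048 leaves no usable group on a server that only has 1.5 kbit groups. Assumptions: the seven-field moduli(5) line layout with a size field one less than the modulus bit length, a selection rule of "smallest group at or above the preferred size, else the largest in range", and constructed sample lines whose modulus values are placeholders rather than real primes.

```python
# Added illustration: simplified model of DH-GEX group selection, not OpenSSH source.
from collections import Counter

# Constructed sample lines in moduli(5) layout:
#   timestamp type tests trials size generator modulus
# The modulus hex strings are placeholders, not real primes.
SAMPLE_MODULI = """\
# constructed sample, not a real moduli file
20150101000000 2 6 100 1535 2 C0FFEE01
20150101000001 2 6 100 1535 5 C0FFEE02
20150101000002 2 6 100 2047 2 C0FFEE03
20150101000003 2 6 100 3071 2 C0FFEE04
"""

def group_sizes(text):
    """Return the bit size of every group in moduli-format text."""
    sizes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#") or len(fields) != 7:
            continue
        # Assumption: the size field is one less than the modulus bit length.
        sizes.append(int(fields[4]) + 1)
    return sizes

def pick_group(sizes, gex_min, gex_pref, gex_max):
    """Model the server's choice for a DH-GEX request (min, n, max).

    Returns the chosen size, or None when no group fits the range, which is
    the case where group exchange cannot complete as requested.
    """
    in_range = [s for s in sizes if gex_min <= s <= gex_max]
    if not in_range:
        return None
    at_least_pref = [s for s in in_range if s >= gex_pref]
    return min(at_least_pref) if at_least_pref else max(in_range)

def audit(text, floor):
    """Count groups per size and list the sizes below `floor`."""
    counts = Counter(group_sizes(text))
    return counts, sorted(s for s in counts if s < floor)

if __name__ == "__main__":
    sizes = group_sizes(SAMPLE_MODULI)
    only_1536 = [s for s in sizes if s < 2048]      # server with no >= 2k groups
    print(pick_group(sizes, 1024, 2048, 8192))      # minimum left at 1024
    print(pick_group(only_1536, 1024, 2048, 8192))  # same minimum, small groups only
    print(pick_group(only_1536, 2048, 2048, 8192))  # minimum raised to 2048
    print(audit(SAMPLE_MODULI, 2048))
```

Running `audit()` over a deployed moduli file before tightening the client minimum shows whether any group would still satisfy the request.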