Re: DH Group Exchange Fallback

Joseph S Testa II <jtesta@xxxxxxxxxxxxxxxxxxxx> writes:

> On 09/22/2017 03:22 PM, Daniel Kahn Gillmor wrote:
> > On Thu 2017-09-21 18:12:44 -0400, Joseph S Testa II wrote:
> >>      I gotta say... having a fallback mechanism here seems pretty
> >> strange.  The entire point of the group exchange is to use a dynamic
> >> group and not a static one.
> >
> > fwiw, i think dynamic groups for DHE key exchange is intrinsically
> > problematic when there is any computational expense in validating the
> > quality of the group parameters.
> 
> While some may agree with this, the fact remains that the current
> implementation isn't working as expected.  I'm interested in
> correcting the behavior.

Hmmm... the OpenSSH 7.5 sources use this method for the fallback:

DH *
dh_new_group_fallback(int max)
{
        debug3("%s: requested max size %d", __func__, max);
        if (max < 3072) {
                debug3("using 2k bit group 14");
                return dh_new_group14();
        } else if (max < 6144) {
                debug3("using 4k bit group 16");
                return dh_new_group16();
        }
        debug3("using 8k bit group 18");
        return dh_new_group18();
}

Group 14 == 2048-bit DH group.
(Group 15 == 3072-bit DH group.)
Group 16 == 4096-bit DH group.
(Group 17 == 6144-bit DH group.)
Group 18 == 8192-bit DH group.

I suppose you want to be more paranoid:

DH *
dh_new_group_fallback(int max)
{
        debug3("%s: requested max size %d", __func__, max);
        if (max <= 2048) {
                debug3("using 2k bit group 14");
                return dh_new_group14();
        } else if (max <= 4096) {
                debug3("using 4k bit group 16");
                return dh_new_group16();
        }
        debug3("using 8k bit group 18");
        return dh_new_group18();
}

If so, you should probably open a bug against the
dh.c::dh_new_group_fallback() function.

	-- Mark
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
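To make the difference between the two selection policies concrete, here is a small added C model (written for this page, not code from OpenSSH or from anyone in the thread). The function names fallback_bits_openssh75(), fallback_bits_strict(), meets_request() and first_undersized() are mine; the thresholds are the ones in the two dh_new_group_fallback() listings above, and the group sizes are the RFC 3526 MODP sizes listed in the message. The model only returns the modulus size of the chosen fixed group, so it runs without libcrypto, and the scan in first_undersized() shows exactly which requested sizes the 7.5 fallback serves with a smaller group than the peer asked for.

```c
/* Added example (not OpenSSH code): models the two dh_new_group_fallback()
 * policies quoted in the thread and checks whether the chosen fixed group is
 * at least as large as the "max" modulus size the peer requested. */
#include <stdio.h>

/* Modulus sizes of the RFC 3526 MODP groups used by the fallback. */
#define GROUP14_BITS 2048
#define GROUP16_BITS 4096
#define GROUP18_BITS 8192

/* Selection as in the OpenSSH 7.5 source quoted above (strict "<" limits). */
int fallback_bits_openssh75(int max)
{
        if (max < 3072)
                return GROUP14_BITS;
        else if (max < 6144)
                return GROUP16_BITS;
        return GROUP18_BITS;
}

/* The stricter variant proposed in the message ("<=" limits): the chosen
 * group is never smaller than the request, up to the 8192-bit ceiling. */
int fallback_bits_strict(int max)
{
        if (max <= 2048)
                return GROUP14_BITS;
        else if (max <= 4096)
                return GROUP16_BITS;
        return GROUP18_BITS;
}

/* Returns 1 if the chosen group is at least as large as the request.
 * Requests above 8192 bits can only ever be served by group 18, so the
 * comparison is capped there. */
int meets_request(int max, int chosen)
{
        int want = max > GROUP18_BITS ? GROUP18_BITS : max;
        return chosen >= want;
}

/* Scans requests in [lo, hi] and returns the smallest one that the given
 * policy serves with a group smaller than requested; 0 if there is none. */
int first_undersized(int (*policy)(int), int lo, int hi)
{
        for (int max = lo; max <= hi; max++)
                if (!meets_request(max, policy(max)))
                        return max;
        return 0;
}

int main(void)
{
        /* Constructed probe values around each threshold. */
        const int probes[] = { 1024, 2048, 2049, 3072, 4096, 4097, 6144, 8192 };
        size_t i;

        printf("%8s %12s %12s\n", "max", "7.5 policy", "strict");
        for (i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
                int a = fallback_bits_openssh75(probes[i]);
                int b = fallback_bits_strict(probes[i]);
                printf("%8d %9d%s %9d%s\n", probes[i],
                       a, meets_request(probes[i], a) ? "   " : " <-",
                       b, meets_request(probes[i], b) ? "   " : " <-");
        }
        printf("first undersized request, 7.5 policy: %d\n",
               first_undersized(fallback_bits_openssh75, 1024, 8192));
        printf("first undersized request, strict:     %d\n",
               first_undersized(fallback_bits_strict, 1024, 8192));
        return 0;
}
```

Running it shows that with the 7.5 thresholds a peer asking for anything from 2049 up to 3071 bits gets the 2048-bit group 14, and one asking for 4097 to 6143 bits gets the 4096-bit group 16, whereas the "<=" variant never hands back a group smaller than the request. Whether a server should fall back at all, rather than fail the exchange, is the separate question raised earlier in the thread; the model only makes the size gap visible.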