Re: DH Group Exchange Fallback

On 09/22/2017 06:55 PM, Tim Broberg wrote:
> Do I understand correctly, that you find the security of group 14 unacceptable and yet you left it enabled?

In the end, I'm trying to ensure a minimum equivalent of 128 bits of security. Group14 is 2048 bits, which roughly translates to 112 bits. [1]

To this end, I disabled the "diffie-hellman-group14-sha1" and "diffie-hellman-group14-sha256" kex algorithms, but the problem is that the group exchange "diffie-hellman-group-exchange-sha256" is not respecting the admin's wishes, and falls back to group14, even when specifically told not to (by the admin removing 2048-bit groups in /etc/ssh/moduli).

There's currently no way to ensure 100% that 2048-bit DH is disabled.

   - Joe


[1] See NIST Special Publication 800-57, Part 1, Revision 4, p. 53, <http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf>.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
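
The check the message describes, as an added example that is not part of the original post or of OpenSSH: it audits a KexAlgorithms list and a moduli(5) file against a 128-bit floor, measuring each prime rather than trusting the size column. The 3072-bit threshold comes from the same NIST table the message cites; the function names and sample data are constructed for illustration.

```python
# Added example: audit an sshd KexAlgorithms list and a moduli(5) file against
# a 128-bit floor. Sample data below is constructed, not taken from a real host.

MIN_BITS = 3072  # assumption: 3072-bit DH ~ 128-bit strength (NIST SP 800-57 Pt. 1)

# Fixed 2048-bit kex methods named in the message.
FIXED_2048 = {"diffie-hellman-group14-sha1", "diffie-hellman-group14-sha256"}
GROUP_EXCHANGE = "diffie-hellman-group-exchange-sha256"


def moduli_bits(text):
    """Yield (line_number, prime_bit_length) for each moduli(5) entry."""
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 7:  # time type tests tries size generator modulus
            raise ValueError(f"line {n}: expected 7 fields, got {len(fields)}")
        # Measure the prime itself instead of trusting the size column.
        yield n, int(fields[6], 16).bit_length()


def audit(kex_algorithms, moduli_text, min_bits=MIN_BITS):
    """Return a list of findings; an empty list means nothing was flagged."""
    kex = [k.strip() for k in kex_algorithms.split(",") if k.strip()]
    findings = [f"kex {k}: fixed 2048-bit group" for k in kex if k in FIXED_2048]
    findings += [f"moduli line {n}: {bits}-bit prime below {min_bits}"
                 for n, bits in moduli_bits(moduli_text) if bits < min_bits]
    if GROUP_EXCHANGE in kex:
        # Per the message, filtering moduli does not by itself stop the fallback.
        findings.append(f"kex {GROUP_EXCHANGE}: group14 fallback reported on the list")
    return findings


# Constructed input: the hex strings only have the right length, they are not primes.
SAMPLE_MODULI = "\n".join([
    "# Time Type Tests Tries Size Generator Modulus",
    "20170101000000 2 6 100 2047 2 " + "F" * 512,   # 2048 bits
    "20170101000000 2 6 100 3071 2 " + "F" * 768,   # 3072 bits
])
SAMPLE_KEX = "curve25519-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256"

if __name__ == "__main__":
    for finding in audit(SAMPLE_KEX, SAMPLE_MODULI):
        print(finding)
```

On a real host the two inputs would be the KexAlgorithms value from the effective sshd configuration and the contents of /etc/ssh/moduli.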


