Re: DH Group Exchange Fallback

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 25 September 2017 at 15:54, Mark D. Baushke <mdb@xxxxxxxxxxx> wrote:
[...]
> For my effort, I would find it 'better' to consider moving to provable
> primes. Of course, that would mean sending all three of g,p,q to the
> client for them to validate that the primes are safe using something
> like Pocklington's Theorem. This should be fairly quick as such things
> go. It does mandate a change to the protocol to send q over the wire
> too.

I'm not a cryptographer so I defer to others on the cryptography and
number theory.

As an maintainer I guess the counter argument to that is that if you
need something stronger that the current dh-gex and you have to
implement something new anyway then you'd be much better off
implementing ecdh or ssh-curves and get something much faster for the
equivalent strength.  What is the intersection of people wanting >192
bits of security and wanting to (or being required to) stick with
dh-gex?

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux