Re: Can we disable diffie-hellman-group-exchange-sha1 by default?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Fri, 15 Feb 2019 at 13:21, Yegor Ievlev <koops1997@xxxxxxxxx> wrote:
> Also, how are default moduli shipped with OpenSSH for use in
> diffie-hellman-group-exchange-sha1/sha256 chosen? Are they chosen
> randomly by developers or are they chosen for security properties?

A bit of both.  They're generated using ssh-keygen(1) in a 2 step
process (look for the -G and -T options).  For each group size,
candidates are picked at random and then screened (see
https://github.com/openssh/openssh-portable/blob/master/moduli.c).

> If they are random, why not use moduli from RFC 7919 instead, like
> Mozilla recommends?

Quoting RFC4419 (which predates 7919 by more than a decade):
"""
   we fear that extensive precomputation and more efficient
   algorithms to compute the discrete logarithm over a fixed group might
   pose a security threat to the SSH protocol.
   The ability to propose new groups will reduce the incentive to use
   precomputation for more efficient calculation of the discrete
   logarithm.  The server can constantly compute new groups in the
   background.
""

Using a small, fixed set of groups shared with another protocol would
be counter to this goal (see also: LogJam and the Oakley groups).
You're welcome to replace your file with the ones from RFC7919,
though.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux