Re: Can we disable diffie-hellman-group-exchange-sha1 by default?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



I referred to the fact that there is no value for 4096-bit groups at
all. For higher strengths than 128 bits one should probably not use
non-EC crypto at all, as the document suggests.

On Fri, Feb 15, 2019 at 9:19 AM Darren Tucker <dtucker@xxxxxxxxxxx> wrote:
>
> On Fri, 15 Feb 2019 at 16:45, Yegor Ievlev <koops1997@xxxxxxxxx> wrote:
> > That doesn't seem to be the case. See
> > https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf
> > (5.6.1 Comparable Algorithm Strengths)
>
> For DH, the "Comparable strengths" table lists L=3072 for 128 bits and
> L=7680 for 192 bits.  To me that puts 4k groups a bit above 128 bits
> and well below 192 bits of security.   What are you referring to?
>
> --
> Darren Tucker (dtucker at dtucker.net)
> GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux