Re: SHA-1 practical recommendations?

Damien Miller <djm@xxxxxxxxxxx> · Fri, 12 Mar 2021 09:38:17 +1100 (AEDT)

On Fri, 12 Mar 2021, Damien Miller wrote:

> > Is this guaranteed to be true even if /etc/ssh/moduli contains small
> > primes (e.g. 1023 bits)?
> 
> Yes, see dh_estimate() in dh.c - it will never select a <2048 bit
> group and will usually select one considerably larger,
> 
> If /etc/moduli is missing then dh_new_group_fallback() will use either a
> 2k or 4k group.

or an 8k group
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev