Verification of primes in /etc/ssh/moduli file

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

Hello everybody!

For the past few years we've used a tool to double-check the security of
the primes shipped in the OpenSSH moduli file:
https://github.com/tomato42/ecpp-verifier
In short, it uses primality certificates to mathematically prove that all the parameters use safe primes and a bit of simple maths to check if they're not 
vulnerable to Special Number Field Sieve.

I wrote an article on why it's necessary, a high level overview how it
does it and how you can run it yourself:
https://www.redhat.com/en/blog/understanding-and-verifying-security-diffie-hellman-parameters
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux