[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue May 26 22:40:40 AEST 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2302
--- Comment #5 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to Damien Miller from comment #4)
> Comment on attachment 2630 [details]
> Make the DH-GEX fallback group 4k bit.
>
> Where did this group come from?
I generated it. I pulled it off the file being prepared for the next
moduli update.
> IMO it would be best to use one of
> the standard groups if we're picking another fixed one - logjam
> attacks aren't remotely plausible at this length, and doing so
> avoids any questions over the group's provenance.
Presumably someone said something similar about group1 and group14 at
one point?
> You could use the RFC3526 (ISAKMP) 4096-bit group:
> https://tools.ietf.org/html/rfc3526#page-5
Isn't the whole point of the LogJam style attacks is that up-front
precomputation against a fixed group used in many protocols pays
dividends across all of them? In this case we need a group, but we
don't need that particular group.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list