[Bug 2515] Implement diffie-hellman-group{14,15,16)-sha256

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Apr 22 16:47:32 AEST 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2515

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2768|0                           |1
        is obsolete|                            |
                 CC|                            |dtucker at zip.com.au
   Attachment #2808|                            |ok?(dtucker at zip.com.au)
              Flags|                            |

--- Comment #10 from Damien Miller <djm at mindrot.org> ---
Created attachment 2808
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2808&action=edit
update to draft-ietf-curdle-ssh-kex-sha2-03 prefer groups 14, 16, 18

This updates Darren's diff to draft-ietf-curdle-ssh-kex-sha2-03,
specifically changing the hash for the group16 KEX to SHA512. This diff
also removes group 15 instead of group 18, so the groups supported are:

diffie-hellman-group14-sha256 - 2048 bit
diffie-hellman-group16-sha512 - 4096 bit
diffie-hellman-group18-sha512 - 8192 bit

IMO the powers of two are a bit cleaner than the intermediate ones. 

Finally, this tweaks the fallback group logic to choose the next larger
group a bit sooner and to consider the 8192 bit fixed group.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
You are watching the reporter of the bug.


More information about the openssh-bugs mailing list