[Bug 3387] Will future versions of openssh not support DHE because of "dheater" vulnerability :CVE-2002-20001?
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Mon Feb 14 16:33:27 AEDT 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3387
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
It's probably an intrinsic issue to any cryptographic key agreement
protocol that an attacker can cause the server to do useless work. I
don't think ECDSA or any of the PQ KEM algorithms will be any less
susceptible, though they are faster so the impact is less.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list