New snapshot

Niels Provos provos at citi.umich.edu
Sun Nov 19 00:07:43 EST 2000


In message <8v1bmg$gte$1 at kemoauc.mips.inka.de>, Christian Weisgerber writes:
>What is this file?  It's not documented in sshd(8)--nor OpenBSD's
>man pages in general.
I will fix that.

>Anyway, I did, and the situation improved.  From "ssh -v" I gather
>that whatever this Diffie-Hellman Group Exchange exchanges is down
>from 2048 to 1024 bits, resulting in a connection setup time of
>25+ seconds.  (Still a pain for practical use, of course.  Protocol 1
>takes about five seconds.)
SSHv2 computes an authenticated Diffie-Hellman key exchange.  It
requires more modular exponentiation than in the simple RSA case.  And
an additional signature verification. In SSHv1 you just have to deal
with RSA, where at least the encryption part is quite fast for the
exponents in use.

The Diffie-Hellman group exchange allows the server to send new
DH groups to the client, which makes precomputation undesirable.
Read http://www.citi.umich.edu/u/provos/tmp/dh-group-exchange-2.txt
for more information.

Niels.
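
Added example (not part of the original message, and not OpenSSH code): a count of the modular multiplications behind the cost difference described above, comparing the client's two Diffie-Hellman exponentiations at 1024 and 2048 bits with one RSA public-key operation. The moduli are constructed random odd numbers rather than real groups or keys, and the full-size DH exponents and the RSA exponent 65537 are assumptions.

```python
import random

RSA_E = 65537  # assumed public exponent; the message does not name one

def modexp_counted(base, exp, mod):
    """Left-to-right square-and-multiply; returns (value, modular multiplications)."""
    value, mults = 1, 0
    for bit in bin(exp)[2:]:
        value = value * value % mod        # one squaring per exponent bit
        mults += 1
        if bit == "1":
            value = value * base % mod     # one extra multiply per set bit
            mults += 1
    return value, mults

def constructed_modulus(bits, rng):
    """Random odd number of exactly `bits` bits (constructed, not a safe prime)."""
    return rng.getrandbits(bits) | (1 << (bits - 1)) | 1

def dh_client_cost(bits, seed=1):
    """Multiplications for the client's two exponentiations, g^x and f^x."""
    rng = random.Random(seed)
    p = constructed_modulus(bits, rng)
    x = rng.getrandbits(bits) | (1 << (bits - 1))  # client secret, full size (assumption)
    y = rng.getrandbits(bits) | (1 << (bits - 1))  # server secret
    e, cost_e = modexp_counted(2, x, p)            # client's public value
    f = pow(2, y, p)                               # server's public value
    k, cost_k = modexp_counted(f, x, p)            # shared secret on the client
    assert k == pow(e, y, p)                       # server derives the same secret
    return cost_e + cost_k

def rsa_public_cost(bits, seed=1):
    """Multiplications for one RSA public-key operation m^e mod n."""
    rng = random.Random(seed)
    n = constructed_modulus(bits, rng)
    m = rng.getrandbits(bits - 1)                  # constructed message, below n
    c, cost = modexp_counted(m, RSA_E, n)
    assert c == pow(m, RSA_E, n)                   # cross-check against built-in pow
    return cost

if __name__ == "__main__":
    for bits in (1024, 2048):
        print(bits, "bit DH, client side:", dh_client_cost(bits), "multiplications")
    print("1024 bit RSA public operation:", rsa_public_cost(1024), "multiplications")
```

Each multiplication also gets more expensive as the modulus grows, so the step from 1024 to 2048 bits costs more than the doubling in the count suggests.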




