Rekey regression test: How is GCM magical?
Christian Weisgerber
naddy at mips.inka.de
Sun Nov 17 06:59:52 EST 2013
Markus Friedl:
> > (chacha20-poly1305 doesn't work with diffie-hellman-group1-sha1
> > because the latter can't provide the required 512 bits of key
> > material.)
>
> why should it not work? in this case the key gets expanded,
> even if the security margin of the kex is smaller.
Well, it doesn't.
$ ssh -c chacha20-poly1305 at openssh.com -oKexAlgorithms=diffie-hellman-group1-sha1 localhost
dh_gen_key: group too small: 1024 (2*need 1024)
--
Christian "naddy" Weisgerber naddy at mips.inka.de
More information about the openssh-unix-dev
mailing list