3des cipher and DH group size

Hubert Kario hkario at redhat.com
Tue Feb 18 22:54:21 EST 2014


----- Original Message -----
> From: "Damien Miller" <djm at mindrot.org>
> To: "Hubert Kario" <hkario at redhat.com>
> Cc: "mancha" <mancha1 at hush.com>, openssh-unix-dev at mindrot.org
> Sent: Tuesday, 18 February, 2014 4:53:42 AM
> Subject: Re: 3des cipher and DH group size
> 
> On Mon, 17 Feb 2014, Hubert Kario wrote:
> 
> > > I choose standards and objective guidelines over your personal
> > > definitions of "relatively secure" and "normal person".
> > 
> > The standards say quite explicitly: iff 3DES => 2k DH. iff AES-128 => 3k
> > DH.
> > They don't say if SHA-1 MAC => 7k DH.
> > 
> > But that's what current code is doing.
> > 
> > FIPS (it even has "Standard" in the name) says that we shouldn't use
> > DH with keys over 3072 bits, ever. Why you're not following it?
> 
> FIPS always lags good practice. E.g. permitting single DES until 2007.

I was trying to show that even when you "choose standards" you still
have a lot of space for interpretation, not to mention you have to choose which
standards you want to follow, as more often that not, they are incompatible
between each other.

-- 
Regards,
Hubert Kario
BaseOS QE Security team
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic


More information about the openssh-unix-dev mailing list