3des cipher and DH group size

mancha mancha1 at hush.com
Sat Jan 25 08:23:09 EST 2014


Petr Lautrbach <plautrba <at> redhat.com> writes:
> 
> It was confirmed that openssh can't connect to the server with a server
> string 'SSH-2.0-cryptlib' using diffie-hellman-group-exchange-sha1 and
> 3des-cbc with SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192).
> 
> It's due to an issue in its code [1] which takes only requested value and
> is limited only to 4096 bits.

Setting aside 3DES's effective crypto strength and NIST guidelines, it's
unfortunate cryptlib-based SSH servers don't follow RFC4419
recommendations:

   "The server should return the smallest group it knows that is larger
   than the size the client requested.  If the server does not know a
   group that is larger than the client request, then it SHOULD return
   the largest group it knows.  In all cases, the size of the returned
   group SHOULD be at least 1024 bits."

Have you asked them what exceptional circumstances (cf. RFC2119) justify
the deviation?

--mancha
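
Added example, not part of the original message and not code from OpenSSH or cryptlib: the RFC 4419 group-selection recommendation quoted above, applied to the request from the thread (1024<7680<8192) on a server whose largest group is 4096 bits. The group table, the function names and the "preferred-only" model of the behaviour described in the quoted message are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: group sizes in bits, ascending, for a server capped at 4096. */
static const int known_groups[] = { 1024, 2048, 3072, 4096 };
#define NGROUPS (sizeof(known_groups) / sizeof(known_groups[0]))

/* RFC 4419 recommendation: return the smallest known group that covers the
 * preferred size n ("larger than" is treated here as "at least"); if no
 * known group is that large, return the largest known group. */
int select_rfc4419(int n)
{
    for (size_t i = 0; i < NGROUPS; i++)
        if (known_groups[i] >= n)
            return known_groups[i];
    return known_groups[NGROUPS - 1];
}

/* Simplified model (assumption) of the behaviour described in the quoted
 * message: only the preferred size is looked at, and anything above the
 * 4096-bit cap yields no group at all (0). */
int select_preferred_only(int n)
{
    if (n > known_groups[NGROUPS - 1])
        return 0;
    return select_rfc4419(n);
}

/* Client side: min and max from SSH2_MSG_KEX_DH_GEX_REQUEST bound the size
 * of p the client is willing to accept. */
int client_accepts(int bits, int min, int max)
{
    return bits != 0 && bits >= min && bits <= max;
}

int main(void)
{
    int min = 1024, n = 7680, max = 8192;   /* request from the thread */
    int a = select_rfc4419(n), b = select_preferred_only(n);

    printf("RFC 4419 selection: %d bits, client accepts: %d\n",
           a, client_accepts(a, min, max));
    printf("preferred-only:     %d bits, client accepts: %d\n",
           b, client_accepts(b, min, max));
    return 0;
}
```

With the RFC fallback the server offers its 4096-bit group, which lies inside the client's [min, max] window, so the exchange can proceed; the client's min value remains the control that decides how small a group is tolerated.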


