3des cipher and DH group size
mancha
mancha1 at hush.com
Sat Jan 25 08:23:09 EST 2014
Petr Lautrbach <plautrba <at> redhat.com> writes:
>
> It was confirmed that openssh can't connect to the server with a server
> string 'SSH-2.0-cryptlib' using diffie-hellman-group-exchange-sha1 and
> 3des-cbc with SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192).
>
> It's due to an issue in its code [1] which takes only requested value and
> is limited only to 4096 bits.

Setting aside 3DES's effective crypto strength and NIST guidelines, it's
unfortunate cryptlib-based SSH servers don't follow RFC4419
recommendations:

  "The server should return the smallest group it knows that is larger
   than the size the client requested. If the server does not know a
   group that is larger than the client request, then it SHOULD return
   the largest group it knows. In all cases, the size of the returned
   group SHOULD be at least 1024 bits."

Have you asked them what exceptional circumstances (cf. RFC2119) justify
the deviation?

--mancha
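
Added example (not part of the original message, and not OpenSSH or cryptlib code): the RFC 4419 selection rule quoted above, written in C and applied to the request 1024<7680<8192 against a server whose largest group is 4096 bits. The function names and the group table are assumptions made for this example, and an exact-size match is treated as satisfying the request.

```c
#include <stddef.h>
#include <stdio.h>

#define GEX_FLOOR_BITS 1024 /* RFC 4419: returned group SHOULD be >= 1024 bits */

/* Constructed group table for a hypothetical server capped at 4096 bits. */
static const int capped[] = { 1024, 1536, 2048, 3072, 4096 };

/*
 * Pick a group size for a request (min, n, max) from the sizes the server
 * knows. Returns the chosen size in bits, or 0 if nothing usable exists.
 */
static int gex_select_bits(const int *known, size_t count, int min, int n, int max)
{
    int smallest_ge = 0, largest = 0;

    if (min > n || n > max)
        return 0; /* malformed request */
    if (min < GEX_FLOOR_BITS)
        min = GEX_FLOOR_BITS;
    for (size_t i = 0; i < count; i++) {
        int bits = known[i];
        if (bits < min || bits > max)
            continue; /* outside what the client will accept */
        if (bits >= n && (smallest_ge == 0 || bits < smallest_ge))
            smallest_ge = bits; /* smallest group covering the preferred size */
        if (bits > largest)
            largest = bits; /* fallback: largest group the server knows */
    }
    return smallest_ge ? smallest_ge : largest;
}

/* Client-side check on the size of p returned by the server. */
static int gex_client_accepts(int p_bits, int min, int max)
{
    return p_bits >= min && p_bits <= max;
}

int main(void)
{
    int bits = gex_select_bits(capped, sizeof capped / sizeof capped[0], 1024, 7680, 8192);

    printf("request 1024<7680<8192 -> %d bits, client accepts: %d\n",
           bits, gex_client_accepts(bits, 1024, 8192));
    return 0;
}
```

With this rule the 4096-bit cap does not break the exchange: the server falls back to its largest group, which still lies inside the client's min..max window.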
More information about the openssh-unix-dev mailing list