[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Jun 13 05:41:23 AEST 2015
On Fri 2015-06-12 01:52:54 -0400, Mark D. Baushke wrote:
> I have communicated with Allen Roginsky on this topic and I have been given permission to post his response.
>
> In this message below, the 'vendor' was Darren Tucker's generated prime
> that used a generator value of 5.
>
> -- Mark
>
> From: "Roginsky, Allen" <allen.roginsky at nist.gov>
> Subject: RE: Question on SP 800-56A rev2
>
> The reason the y^q=1 (mod p) test exists is to verify that y is in the
> required subgroup.

I think this answer "begs the question" -- yes, the mathematical test
verifies that y generates a subgroup of size q. But the question we
were discussing is why does the subgroup need to be of size q instead of
size p-1?
--dkg
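
An added example, not part of the thread: the y^q = 1 (mod p) test run against a constructed toy safe prime p = 23, q = 11, once with generator 2 (order q) and once with generator 5 (order p-1). The parameters and function names are assumptions chosen for illustration; real groups are 2048 bits or more.

```python
# Constructed toy parameters: P = 2*Q + 1 is a safe prime.
P, Q = 23, 11


def element_order(g, p=P, q=Q):
    """Order of g in Z_p^* for a safe prime p = 2q + 1.

    By Lagrange's theorem the only possible orders are 1, 2, q and 2q.
    """
    for n in (1, 2, q, 2 * q):
        if pow(g, n, p) == 1:
            return n
    raise ValueError("g is not a unit mod p")


def validate_public_key(y, p=P, q=Q):
    """Range check plus the y^q = 1 (mod p) subgroup membership test."""
    return 2 <= y <= p - 2 and pow(y, q, p) == 1


def survey(g, p=P, q=Q):
    """Map each private exponent x in [1, q-1] to whether y = g^x passes."""
    return {x: validate_public_key(pow(g, x, p), p, q) for x in range(1, q)}


if __name__ == "__main__":
    for g in (2, 5):
        results = survey(g)
        passed = sorted(x for x, ok in results.items() if ok)
        print(f"g={g}: order {element_order(g)}, "
              f"{len(passed)}/{len(results)} keys pass, exponents {passed}")
    # With g=5 (order p-1), y^q = (-1)^x, so only even exponents pass:
    # the test outcome tracks the low bit of the private exponent.
```

With generator 2 every public key lands in the order-q subgroup and passes; with generator 5 the keys range over the whole group of order p-1, and exactly those with an odd private exponent fail the test.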