Weak DH primes and openssh
Damien Miller
djm at mindrot.org
Sat May 30 00:09:47 AEST 2015
On Fri, 29 May 2015, Hubert Kario wrote:
> Not really, no.
>
> We can use this time an initial seed of "OpenSSH 1024 bit prime, attempt #1".
> Next time we generate the primes we can use the initial seed of "2017 OpenSSH
> 1024 bit prime, attempt #1", but we can use just as well a "2nd generation
> OpenSSH 1024 bit DH parameters, try number 1". Then we can also change the
> algorithm to use this seed for M-R witnesses, or not. Then we can use SHA-512
> instead of SHA-256, or some SHA-3 variant.
If you're constantly changing the parameters, then this is the opposite of
NUMS. Anyway, I don't think a NUMS-like approach is necessary. It certainly
isn't with users independently generating primality certificates.
-d
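For readers who have not seen a seeded ("nothing up my sleeve") parameter search before, the following is an added example, not code from this thread or from OpenSSH. It shows the procedure Hubert sketches: a public seed string is expanded with SHA-256 into candidate values, attempt numbers are walked until 2q+1 is a safe prime, and the Miller-Rabin witnesses are also derived from the seed so a verifier reruns exactly the same test. The seed text, the "candidate N" / "witness ..." label layout, the 64-bit size (scaled down from 1024 so it runs in well under a second in pure Python) and the 32-round test count are my assumptions for illustration, not anything the thread or the project specifies.

```python
"""Seeded (NUMS-style) safe-prime generation, scaled down to 64-bit primes.
Added example; layout of the seed/label strings is an assumption, not OpenSSH's."""
import hashlib

# Trial-division sieve so obviously composite candidates never reach Miller-Rabin.
SMALL_PRIMES = [p for p in range(3, 1000)
                if all(p % d for d in range(2, int(p ** 0.5) + 1))]


def _expand(seed: str, label: str, bits: int) -> int:
    """SHA-256 in counter mode: derive a `bits`-bit integer from a public seed string and label."""
    out = b""
    block = 0
    while len(out) * 8 < bits:
        out += hashlib.sha256(f"{seed}|{label}|{block}".encode()).digest()
        block += 1
    return int.from_bytes(out, "big") >> (len(out) * 8 - bits)


def seeded_candidate(seed: str, attempt: int, bits: int) -> int:
    """Odd `bits`-bit candidate number `attempt` for this seed; top bit forced so the size is exact."""
    n = _expand(seed, f"candidate {attempt}", bits)
    return n | (1 << (bits - 1)) | 1


def seeded_witnesses(seed: str, n: int, rounds: int):
    """Miller-Rabin bases in [2, n-2] derived from the seed and n (assumed layout), so anyone
    recomputing from the seed runs the identical witness set rather than random ones."""
    return [2 + _expand(seed, f"witness {n} {i}", 256) % (n - 3) for i in range(rounds)]


def is_probable_prime(n: int, seed: str, rounds: int = 32) -> bool:
    """Trial division by small primes, then Miller-Rabin with seed-derived witnesses."""
    if n < 4:
        return n in (2, 3)
    for p in SMALL_PRIMES:
        if n == p:
            return True
        if n % p == 0:
            return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in seeded_witnesses(seed, n, rounds):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness to compositeness
    return True


def is_safe_prime(p: int, seed: str) -> bool:
    """p is a safe prime when both p and q = (p-1)/2 are prime."""
    return p % 2 == 1 and is_probable_prime((p - 1) // 2, seed) and is_probable_prime(p, seed)


def generate_safe_prime(seed: str, bits: int, max_attempts: int = 100000):
    """Walk attempts 0, 1, 2, ... until 2q+1 is a safe prime; publish (p, attempt) so others can redo it."""
    for attempt in range(max_attempts):
        q = seeded_candidate(seed, attempt, bits - 1)
        p = 2 * q + 1
        if is_safe_prime(p, seed):
            return p, attempt
    raise RuntimeError("no safe prime found within max_attempts")


def verify_safe_prime(seed: str, attempt: int, bits: int, p: int) -> bool:
    """Independent check: p must be exactly what the seed reproduces at that attempt, and a safe prime."""
    return (p == 2 * seeded_candidate(seed, attempt, bits - 1) + 1
            and p.bit_length() == bits
            and is_safe_prime(p, seed))


if __name__ == "__main__":
    seed = "OpenSSH 64 bit prime"  # constructed seed text in the style Hubert describes
    p, attempt = generate_safe_prime(seed, 64)
    print(f"p = {p:#x} found at attempt {attempt}")
    print("verifies:", verify_safe_prime(seed, attempt, 64, p))
    print("wrong attempt verifies:", verify_safe_prime(seed, attempt + 1, 64, p))
```

The verifier needs nothing but the seed string, the attempt number and the hash layout; it is the reproducibility of that walk, not the particular p, that a seeded approach buys, and it only buys it for as long as the seed and layout stay fixed.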