DH Group Exchange Fallback
Mark D. Baushke
mdb at juniper.net
Wed Sep 27 02:29:37 AEST 2017
Hi Joe,
Joseph S Testa II <jtesta at positronsecurity.com> writes:
> On 09/25/2017 01:54 AM, Mark D. Baushke wrote:
> > With the group18 8192-bit MODP prime, we are getting just under 192-bits
> > of security... depending on how you calculate it.
...wrong information for lager MODP bit sizes elided...
> According to NIST Special Publication 800-57, Part 1, Revision 4, p.
> 53,
> (https://urldefense.proofpoint.com/v2/url?u=http-3A__nvlpubs.nist.gov_nistpubs_SpecialPublications_NIST.SP.800-2D57pt1r4.pdf&d=DwICaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=6l1UaIK-spZ6HPOy-7bswQ&m=xDUuVrDCFCbo9ciNq9MtysnMa2_YXbeGNN_XvETpOhk&s=kT3E6dWUqCqdDcv4AS6wrdjOkiPGHkoB5-ifmfOG2js&e=
> ), a 7680-bit modulus is estimated to provide 192 bits of security.
> Hence, a 8192-bit modulus would provide a little over 192.
Okay, my recollection was clearly wrong. Thank you for the pointer.
> It also estimates that 256-bits of security is achieved with 15360-bit
> moduli.
Okay.
-- Mark
More information about the openssh-unix-dev
mailing list