search for: dh_estim

Hi All, I am trying to decode the message received from openssh client 3.1.0 Following is the third message which I received. length = 0000 008c padding length = 06 messagetype = 1e (SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) padding = b8 218e c680 and the next four byte should have the n which is 0000 0080 which is less than 1024. 0000 008c 061e 0000 0080 2a19 a9e4 05fb aee2 b107 4fa9 f0c1 83d3 3bf0

With the default openssh configuration, the selected cipher is aes128-ctr. This means that dh_estimate gets called with bits=128, so dh_estimate selects a DH modulus size of 1024 bits. This seems questionable. Since the NSA seems to be sniffing most internet traffic, keeping SSH sessions secure against after-the-fact offline attack matters, and 1024-bit DH is not convincingly secure against wel...

...=== RCS file: /cvs/src/usr.bin/ssh/kexgexc.c,v retrieving revision 1.15 diff -u -p -r1.15 kexgexc.c --- kexgexc.c 12 Jan 2014 08:13:13 -0000 1.15 +++ kexgexc.c 25 Jan 2014 10:04:23 -0000 @@ -55,7 +55,7 @@ kexgex_client(Kex *kex) int min, max, nbits; DH *dh; - nbits = dh_estimate(kex->we_need * 8); + nbits = dh_estimate(kex->dh_need * 8); if (datafellows & SSH_OLD_DHGEX) { /* Old GEX request */ -- You are receiving this mail because: You are watching the assignee of the bug.

Hello everybody, An issue was reported in RH bugzilla [1] about the size of the used DH group when combined with the 3des-cbc cipher. OpenSSH uses the actual key length for the size estimation. This is probably fine as far as the cipher has the same number of bits of security as the key length. But this is not true for 3TDEA where the key size is 168 resp 192 but it's security is only 112.

Hi, You will be aware of https://weakdh.org/ by now, I presume; the take-home seems to be that 1024-bit DH primes might well be too weak. I'm wondering what (if anything!) you propose to do about this issue, and what Debian might do for our users? openssh already prefers ECDH, which must reduce the impact somewhat, although the main Windows client (PuTTY) doesn't support ECDH yet. But

A few questions regarding the OpenSSH support for the Diffie Hellman key exchange algorithms: (1) Are the diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1" , "diffie-hellman-group14-sha1" "diffie-hellman-group1-sha1" (as defined in RFCs 4253 and RFC 4419) the complete list of key exchange algorithms supported by OpenSSH? (2) Is there a

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |