search for: nistpub

Displaying 20 results from an estimated 22 matches for "nistpub".

Did you mean: nistpubs
2019 Feb 15
2
Can we disable diffie-hellman-group-exchange-sha1 by default?
That doesn't seem to be the case. See https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf (5.6.1 Comparable Algorithm Strengths) On Fri, Feb 15, 2019 at 8:28 AM Darren Tucker <dtucker at dtucker.net> wrote: > > On Fri, 15 Feb 2019 at 16:00, Yegor Ievlev <koops1997 at gmail.com> wrote: > > I don't think there is an...
2005 Jan 08
0
FYI: NIST issues recommendations for secure VOIP
Following is sharelessly copied from one of the newsgroups I read on grc.com.. /Soren NIST issues recommendations for secure VOIP http://www.gcn.com/vol1_no1/daily-updates/34747-1.html http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf *********************************************************** Quote *********************************************************** The National Institute of Standards and Technology has offered some cautionary advice for offices considering moving their telephone systems to v...
2015 Jul 24
2
DH_GRP_MIN is currently 1024, should it be bumped to 2048?
Greetings, Given the weakness with Diffie-Hellman modp groups less than 2048, is it time to bump the suggested 1024 bit minimum value from the RFC 4419 to a more current 2048 value for OpenSSH 7.0? If so, should this be just a compile-time change, or should there be a new client and server runtime option? Thanks, -- Mark
2013 Sep 10
4
[Bug 1647] Implement FIPS 186-3 for DSA keys
...L = 3072, N = 256 And it would seem that the L=2048,N=256 L=3072,N=256 selections are now possible while remaining standards compliant. It appears that OpenSSH has added support for SHA-256 and SHA-512 in version 5.9p1 (2011-09). [1] http://tools.ietf.org/html/rfc6668 [2] http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
2013 Sep 10
4
[Bug 1647] Implement FIPS 186-3 for DSA keys
...L = 3072, N = 256 And it would seem that the L=2048,N=256 L=3072,N=256 selections are now possible while remaining standards compliant. It appears that OpenSSH has added support for SHA-256 and SHA-512 in version 5.9p1 (2011-09). [1] http://tools.ietf.org/html/rfc6668 [2] http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
2015 May 27
4
[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
...5PM -0400, Daniel Kahn Gillmor wrote: > On Tue 2015-05-26 15:39:49 -0400, Mark D. Baushke wrote: > > Hi Folks, > > > > The generator value of 5 does not lead to a q-ordered subgroup which > > is needed to pass tests in > > > > http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf > > I pulled revision 2 of this document from here: > > https://dx.doi.org/10.6028/nist.sp.800-56ar2 > > The "FFC Domain Parameter Generation" section does say: > > g is a generator of the cyclic subgroup of GF(p)...
2013 Sep 10
1
ssh-keygen -t dsa limited to 1024?
...PS 186-3/186-4 standards compliant. It also appears that OpenSSH added support for both SHA-256 and SHA-512 in version 5.9p1 (2011-09). I have updated bug 1647 with the additional information. Are there any plans to add support for generating DSA 2048, 3072 keys? [1] http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf [2] https://bugzilla.mindrot.org/show_bug.cgi?id=1647 [3] http://tools.ietf.org/html/rfc6668 --Kyle P.S. What, by the way, does OpenSSH do if you have an existing DSA 2048 or 3072 key? (OpenSSL will generate them just fine.)
2017 Sep 23
2
DH Group Exchange Fallback
...back to group14, even when specifically told not to (by the admin removing 2048-bit groups in /etc/ssh/moduli). There's currently no way to ensure 100% that 2048-bit DH is disabled. - Joe [1] See NIST Special Publication 800-57, Part 1, Revision 4, p. 53, <http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf>.
2015 May 26
1
[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
https://bugzilla.mindrot.org/show_bug.cgi?id=2302 --- Comment #4 from Damien Miller <djm at mindrot.org> --- Comment on attachment 2630 --> https://bugzilla.mindrot.org/attachment.cgi?id=2630 Make the DH-GEX fallback group 4k bit. Where did this group come from? IMO it would be best to use one of the standard groups if we're picking another fixed one - logjam attacks aren't
2013 Sep 10
0
[Bug 1647] Implement FIPS 186-3 for DSA keys
...emented aes128-gcm at openssh.com and aes256-gcm at openssh.com with specified semantics during negotiation to ensure that a non-toxic selection is made and otherwise uses the RFC 5647 wire protocol for the traffic. > > [1] http://tools.ietf.org/html/rfc6668 > [2] http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf > > -- > You are receiving this mail because: > You are watching the assignee of the bug. > You are watching someone on the CC list of the bug. > _______________________________________________ > openssh-bugs mailing list > openssh-bugs at mindrot...
2023 Sep 03
1
[patch] ssh-keygen(1): generate Ed25519 keys when invoked without arguments
...release) is good timing to consider this change. Is there a reason not to do this? OK? Kind regards, Job Further reading: Original Ed25519 paper: https://ed25519.cr.yp.to/ed25519-20110926.pdf IETF RFC 8032: https://datatracker.ietf.org/doc/html/rfc8032 FIPS 186-5: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf Index: ssh-keygen.1 =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.1,v retrieving revision 1.229 diff -u -p -r1.229 ssh-keygen.1 --- ssh-keygen.1 23 Jul 2023 20:04:45 -0000 1.229 +++ ssh-keygen.1 3 Sep 2023 21...
2024 Jan 11
0
Announce: timeline to remove DSA support in OpenSSH
...uss this change further The https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev mailing list is the best place to discuss this. Alternately you can email the OpenSSH developers at openssh at openssh.com. Thanks, Damien Miller, on behalf of the OpenSSH project [1] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf [2] https://www.rfc-editor.org/rfc/rfc9142.html#section-1.1 [3] https://www.rfc-editor.org/rfc/rfc4253.html#section-6.6
2024 Jan 11
0
Announce: timeline to remove DSA support in OpenSSH
...uss this change further The https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev mailing list is the best place to discuss this. Alternately you can email the OpenSSH developers at openssh at openssh.com. Thanks, Damien Miller, on behalf of the OpenSSH project [1] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf [2] https://www.rfc-editor.org/rfc/rfc9142.html#section-1.1 [3] https://www.rfc-editor.org/rfc/rfc4253.html#section-6.6
2019 Feb 15
3
Can we disable diffie-hellman-group-exchange-sha1 by default?
I don't think there is any point to generate so many moduli. Actually, 3 moduli of sizes 2048, 3072 and 4096 seem like a sane choice. On Fri, Feb 15, 2019 at 7:58 AM Darren Tucker <dtucker at dtucker.net> wrote: > > On Fri, 15 Feb 2019 at 14:22, Yegor Ievlev <koops1997 at gmail.com> wrote: > > I'm not nearly knowledgeable enough in crypto to fully understand your
2019 Feb 15
2
Can we disable diffie-hellman-group-exchange-sha1 by default?
...to at all, as the document suggests. On Fri, Feb 15, 2019 at 9:19 AM Darren Tucker <dtucker at dtucker.net> wrote: > > On Fri, 15 Feb 2019 at 16:45, Yegor Ievlev <koops1997 at gmail.com> wrote: > > That doesn't seem to be the case. See > > https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf > > (5.6.1 Comparable Algorithm Strengths) > > For DH, the "Comparable strengths" table lists L=3072 for 128 bits and > L=7680 for 192 bits. To me that puts 4k groups a bit above 128 bits > and well below 192 bits of security...
2017 Sep 25
4
DH Group Exchange Fallback
On 25 September 2017 at 02:32, Mark D. Baushke <mdb at juniper.net> wrote: > [+CC Loganaden Velvindron <logan at hackers.mu>] primary author of > the RFC 4419 refresh draft. https://datatracker.ietf.org/doc/draft-lvelvindron-curdle-dh-group-exchange/ ? Tangent: has any consideration been given to increasing the maximum allowed beyond 8192 bits (which is below the current NIST
2017 Sep 22
6
DH Group Exchange Fallback
On 09/22/2017 03:22 PM, Daniel Kahn Gillmor wrote: > On Thu 2017-09-21 18:12:44 -0400, Joseph S Testa II wrote: >> I gotta say... having a fallback mechanism here seems pretty >> strange. The entire point of the group exchange is to use a dynamic >> group and not a static one. > > fwiw, i think dynamic groups for DHE key exchange is intrinsically > problematic
2019 Apr 11
4
Understanding Problem with rsa min key length 1024
Hello, Sometime ago min rsa key length was increased to 1024 bit and i have a little understanding problem with this. I hope somebody with some crypto-experience can enlighten me. To make that clear, that is not about allowing lower keys in general. Personally i would tend to use even longer keys(2048bit+). However Due nature of RSA-algorithm in case of 1024bit this might result in a key
2015 May 21
8
Weak DH primes and openssh
Hi, You will be aware of https://weakdh.org/ by now, I presume; the take-home seems to be that 1024-bit DH primes might well be too weak. I'm wondering what (if anything!) you propose to do about this issue, and what Debian might do for our users? openssh already prefers ECDH, which must reduce the impact somewhat, although the main Windows client (PuTTY) doesn't support ECDH yet. But
2014 Oct 28
22
[Bug 2302] New: ssh (and sshd) should not fall back to deselected KEX algos
https://bugzilla.mindrot.org/show_bug.cgi?id=2302 Bug ID: 2302 Summary: ssh (and sshd) should not fall back to deselected KEX algos Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: security Priority: P5 Component: ssh