Displaying 7 results from an estimated 7 matches for "rfc3526".
Did you mean:
rfc3516
2019 Feb 15
4
Can we disable diffie-hellman-group-exchange-sha1 by default?
Also, how are default moduli shipped with OpenSSH for use in
diffie-hellman-group-exchange-sha1/sha256 chosen? Are they chosen
randomly by developers or are they chosen for security properties? If
they are random, why not use moduli from RFC 7919 instead, like
Mozilla recommends?
On Fri, Feb 15, 2019 at 3:48 AM Mark D. Baushke <mdb at juniper.net> wrote:
>
> Yegor Ievlev <koops1997
2015 May 26
1
[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
...fallback group 4k bit.
Where did this group come from? IMO it would be best to use one of the
standard groups if we're picking another fixed one - logjam attacks
aren't remotely plausible at this length, and doing so avoids any
questions over the group's provenance.
You could use the RFC3526 (ISAKMP) 4096-bit group:
https://tools.ietf.org/html/rfc3526#page-5
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
2014 Oct 28
22
[Bug 2302] New: ssh (and sshd) should not fall back to deselected KEX algos
https://bugzilla.mindrot.org/show_bug.cgi?id=2302
Bug ID: 2302
Summary: ssh (and sshd) should not fall back to deselected KEX
algos
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: ssh
2014 Oct 28
22
[Bug 2302] New: ssh (and sshd) should not fall back to deselected KEX algos
https://bugzilla.mindrot.org/show_bug.cgi?id=2302
Bug ID: 2302
Summary: ssh (and sshd) should not fall back to deselected KEX
algos
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: ssh
2019 Feb 15
4
Can we disable diffie-hellman-group-exchange-sha1 by default?
...roperties?
>
> That they are not fixed moduli is the security property itself.
>
> > If they are random, why not use moduli from RFC 7919 instead, like
> > Mozilla recommends?
>
> Ahh... a philosophical debate? The selection of primes generated
> based on digits of PI (RFC3526) vs E (RFC7919) (Euler's Number)?
>
> https://www.pleacher.com/mp/mhumor/epi.html
> https://www.reddit.com/r/math/comments/na7ua/pi_vs_e_debate/
> https://math.unca.edu/sites/default/files/documents/2013ParsonsLecture.pdf
> https://www.maa.org/press/maa-reviews/the-great-pie-deba...
2020 Nov 19
1
Smartcard logon
...ns for user
> administrator\@svitla3.room at SVITLA3.ROOM
> lastLogonTimestamp is 132502676716079710
> sync interval is 14
> randomised sync interval is 9 (-5)
> old timestamp is 132502676716079710, threshold 132495020852973370, diff
> 7655863106340
> Kerberos: PK-INIT using dh rfc3526-MODP-group14
> Kerberos: AS-REQ authtime: 2020-11-19T17:14:45 starttime: unset endtime:
> 2020-11-20T03:14:45 renew till: 2020-11-26T17:14:45
> Kerberos: Client supported enctypes: 12, 15, aes256-cts-hmac-sha1-96,
> aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, des-cbc-md5, using...
2015 May 27
4
[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
On Wed, May 27, 2015 at 05:08:25PM -0400, Daniel Kahn Gillmor wrote:
> On Tue 2015-05-26 15:39:49 -0400, Mark D. Baushke wrote:
> > Hi Folks,
> >
> > The generator value of 5 does not lead to a q-ordered subgroup which
> > is needed to pass tests in
> >
> > http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf
>
> I