search for: specialpubl

That doesn't seem to be the case. See https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf (5.6.1 Comparable Algorithm Strengths) On Fri, Feb 15, 2019 at 8:28 AM Darren Tucker <dtucker at dtucker.net> wrote: > > On Fri, 15 Feb 2019 at 16:00, Yegor Ievlev <koops1997 at gmail.com> wrote: > > I don't think there is any point to ge...

...group14, even when specifically told not to (by the admin removing 2048-bit groups in /etc/ssh/moduli). There's currently no way to ensure 100% that 2048-bit DH is disabled. - Joe [1] See NIST Special Publication 800-57, Part 1, Revision 4, p. 53, <http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf>.

...change further The https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev mailing list is the best place to discuss this. Alternately you can email the OpenSSH developers at openssh at openssh.com. Thanks, Damien Miller, on behalf of the OpenSSH project [1] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf [2] https://www.rfc-editor.org/rfc/rfc9142.html#section-1.1 [3] https://www.rfc-editor.org/rfc/rfc4253.html#section-6.6

...change further The https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev mailing list is the best place to discuss this. Alternately you can email the OpenSSH developers at openssh at openssh.com. Thanks, Damien Miller, on behalf of the OpenSSH project [1] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf [2] https://www.rfc-editor.org/rfc/rfc9142.html#section-1.1 [3] https://www.rfc-editor.org/rfc/rfc4253.html#section-6.6

I don't think there is any point to generate so many moduli. Actually, 3 moduli of sizes 2048, 3072 and 4096 seem like a sane choice. On Fri, Feb 15, 2019 at 7:58 AM Darren Tucker <dtucker at dtucker.net> wrote: > > On Fri, 15 Feb 2019 at 14:22, Yegor Ievlev <koops1997 at gmail.com> wrote: > > I'm not nearly knowledgeable enough in crypto to fully understand your

..., as the document suggests. On Fri, Feb 15, 2019 at 9:19 AM Darren Tucker <dtucker at dtucker.net> wrote: > > On Fri, 15 Feb 2019 at 16:45, Yegor Ievlev <koops1997 at gmail.com> wrote: > > That doesn't seem to be the case. See > > https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf > > (5.6.1 Comparable Algorithm Strengths) > > For DH, the "Comparable strengths" table lists L=3072 for 128 bits and > L=7680 for 192 bits. To me that puts 4k groups a bit above 128 bits > and well below 192 bits of security. What are...

Greetings, Given the weakness with Diffie-Hellman modp groups less than 2048, is it time to bump the suggested 1024 bit minimum value from the RFC 4419 to a more current 2048 value for OpenSSH 7.0? If so, should this be just a compile-time change, or should there be a new client and server runtime option? Thanks, -- Mark

On 25 September 2017 at 02:32, Mark D. Baushke <mdb at juniper.net> wrote: > [+CC Loganaden Velvindron <logan at hackers.mu>] primary author of > the RFC 4419 refresh draft. https://datatracker.ietf.org/doc/draft-lvelvindron-curdle-dh-group-exchange/ ? Tangent: has any consideration been given to increasing the maximum allowed beyond 8192 bits (which is below the current NIST

On 09/22/2017 03:22 PM, Daniel Kahn Gillmor wrote: > On Thu 2017-09-21 18:12:44 -0400, Joseph S Testa II wrote: >> I gotta say... having a fallback mechanism here seems pretty >> strange. The entire point of the group exchange is to use a dynamic >> group and not a static one. > > fwiw, i think dynamic groups for DHE key exchange is intrinsically > problematic

Hello, Sometime ago min rsa key length was increased to 1024 bit and i have a little understanding problem with this. I hope somebody with some crypto-experience can enlighten me. To make that clear, that is not about allowing lower keys in general. Personally i would tend to use even longer keys(2048bit+). However Due nature of RSA-algorithm in case of 1024bit this might result in a key