similar to: primes

Displaying 20 results from an estimated 7000 matches similar to: "primes"

2001 Apr 03
2
the "primes" file
In message <Pine.LNX.4.30.0104031615270.8678-100000 at holly.crl.go.jp>, Tom Holro yd writes: >SRP has different requirements from Diffie-Hellman. In particular, >for SRP the generator must be primitive. It turns out that the "primes" >file contains only safe primes with primitive generators, and is thus >ideal for SRP, but so far in OpenSSH it has only been used for
2015 May 23
2
Weak DH primes and openssh
> Can this be addressed in ssh_config/sshd_config with the KexAlgorithms setting? weakdh.org/sysadmin.html recommends adding: KexAlgorithms curve25519-sha256 at libssh.org But this thread makes it sound as if it's not necessary. Can anyone confirm? Personally I'm on openssh-6.7. - Grant > You will be aware of https://weakdh.org/ by now, I presume; the take-home seems to be
2015 May 22
3
Weak DH primes and openssh
On Fri, May 22, 2015 at 12:27:01, Darren Tucker <dtucker at zip.com.au> wrote: > Note that PuTTY does do Diffie-Hellman Group Exchange, but until very > recently (ie after their 0.64 release) they didn't do the one that was > actually standardized in RFC4419. OpenSSH recently removed support for > that non-standard one and as a result we don't offer DHGEX to PuTTY >
2001 Nov 09
1
Fix to track-kameipv6 branch for socket.c
I ran into a problem where systems without DNS entries could not connect to the rsync server with the IPV6 patch applied. Here is a fix to the problem. Basically they were checking the list of IP addresses returned by getaddr even if getaddr failed. I just changed it so they only check the list of IP addresses if getaddr succeeds. Any comments on this please email me directly because I do not
2015 May 21
8
Weak DH primes and openssh
Hi, You will be aware of https://weakdh.org/ by now, I presume; the take-home seems to be that 1024-bit DH primes might well be too weak. I'm wondering what (if anything!) you propose to do about this issue, and what Debian might do for our users? openssh already prefers ECDH, which must reduce the impact somewhat, although the main Windows client (PuTTY) doesn't support ECDH yet. But
2007 Sep 21
4
Diffie Hellman key exchange algorithms
A few questions regarding the OpenSSH support for the Diffie Hellman key exchange algorithms: (1) Are the diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1" , "diffie-hellman-group14-sha1" "diffie-hellman-group1-sha1" (as defined in RFCs 4253 and RFC 4419) the complete list of key exchange algorithms supported by OpenSSH? (2) Is there a
2019 Feb 15
4
Can we disable diffie-hellman-group-exchange-sha1 by default?
I'm not nearly knowledgeable enough in crypto to fully understand your answer, but I will try. I wonder why moduli are not automatically generated the first time sshd is started though. That would make much more sense than shipping a default moduli file but also asking everyone to replace it with their own. On Fri, Feb 15, 2019 at 5:50 AM Mark D. Baushke <mdb at juniper.net> wrote: >
2015 Oct 19
0
Article : NSA can break trillions of encrypted VPN connections
On Mon, Oct 19, 2015 at 11:28:04AM +0200, Florent B wrote: > Have you read this article from ars technica ? > > http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/ Yes. > What I understand is that 1024-bits Diffie-Hellman keys are broken by NSA. More precisely, they can spend a lot of effort to break Diffie-Hellman for a
2007 Jan 08
0
How to remove group1 and group14 from OpenSSH..
Hello everyone.. I am fairly new to the patching format.. so I just decided to post a basic info about how to remove group1 and group14 diffie key exchange in OpenSSH. I know that they are listed as required in RFC 4253 but I don't want a client to have the choice to use a 1024 bit prime for the key exchange. If someone is getting into my system.. they should upgrade to a new client. I am a
2001 Mar 23
1
openssh 2.3.0p1-5 loses stdout
Hello all In a recent spate of paranoia we set our server (SuSE Linux 7.0, kernel 2.2.16) to use SSH version 2 and not SSH1. With openssh 2.3.0p1-5 running as client and server, we find that stdout output is occasionally dropped: ssh server echo "JJJ" usually emits JJJ, but sometimes returns nothing -- although the command is apparently performed. In the happy case the server logs
2016 Mar 30
6
[Bug 2559] New: Warnings from reading moduli file, refer to primes file
https://bugzilla.mindrot.org/show_bug.cgi?id=2559 Bug ID: 2559 Summary: Warnings from reading moduli file, refer to primes file Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd
2013 Sep 24
3
2048-bit Diffie-Hellman parameters
Currently, dovecot generates two primes for Diffie-Hellman key exchanges: a 512-bit one and a 1024-bit one. In light of recent events, I think it would be wise to add support for 2048-bit primes as well, or even better, add a configuration option that lets the user select a file (or files) containing the DH parameters In recent years, there has been increased interest in DH especially in its
2015 May 27
3
Weak DH primes and openssh
On Wed 2015-05-27 05:23:41 -0400, Hubert Kario wrote: > On Tuesday 26 May 2015 15:10:01 Daniel Kahn Gillmor wrote: >> On Tue 2015-05-26 14:02:07 -0400, Hubert Kario wrote: >> > OEIS A014233 >> >> Hm, this is a sequence, but not an algorithm. It looks to me like it is >> not exhaustive, just a list of those integers which are known to have >> the stated
2008 Nov 23
4
[Bug 1540] New: Incorrect hash in SSH_MSG_KEX_DH_GEX_REPLY
https://bugzilla.mindrot.org/show_bug.cgi?id=1540 Summary: Incorrect hash in SSH_MSG_KEX_DH_GEX_REPLY Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy:
2024 Jan 27
2
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
On Fri, Jan 26, 2024 at 7:24?PM Jochen Bern <Jochen.Bern at binect.de> wrote: > On 25.01.24 14:09, Kaushal Shriyan wrote: > > I am running the below servers on Red Hat Enterprise Linux release 8.7 > > How do I enable strong KexAlgorithms, Ciphers and MACs > > On RHEL 8, you need to be aware that there are "crypto policies" > modifying sshd's behaviour,
2001 Jan 17
1
couple of questions
This is regarding openssh 2.3.0p1 (the following problem was seen on Linux client / server): I have a problem with openssh when i don't "login": ie. i do the following: ssh -2 10.1.6.13 echo 0 It doesn't print the "0". However, i can get it to print the "0" by doing the following: ssh -2 10.1.6.13 echo 0 \; sleep 1 using "ssh -2 10.1.6.13"
2000 Nov 12
0
scp problems?
Hi. So I have been having problems using scp to copy files between two of my machines, both of which are running OpenSSH 2.30p1 (though I've had the same problem with previous versions). It is basically as simple as the file not being transferred after authentication occurs. I can however use scp to copy files back and forth from another machine using a SSH Communications version
2018 Apr 13
1
[PATCH] virtio_balloon: add array of stat names
On Fri, Apr 13, 2018 at 11:53:31AM -0700, Jonathan Helman wrote: > > > On 04/13/2018 06:44 AM, Michael S. Tsirkin wrote: > > Jason Wang points out that it's vary hard for users to build an array of > > s/vary/very > > > stat names. The naive thing is to use VIRTIO_BALLOON_S_NR but that > > breaks if we add more stats. > > > > Let's add
2018 Apr 13
0
[virtio-dev] Re: [PATCH v2] virtio_balloon: export hugetlb page allocation counts
On 2018?04?12? 08:24, Jonathan Helman wrote: > > > On 04/10/2018 08:12 PM, Jason Wang wrote: >> >> >> On 2018?04?10? 05:11, Jonathan Helman wrote: >>> >>> >>> On 03/22/2018 07:38 PM, Jason Wang wrote: >>>> >>>> >>>> On 2018?03?22? 11:10, Michael S. Tsirkin wrote: >>>>> On Thu, Mar 22, 2018 at
2018 Apr 13
1
[virtio-dev] Re: [PATCH v2] virtio_balloon: export hugetlb page allocation counts
On Fri, Apr 13, 2018 at 10:10:57AM -0700, Jonathan Helman wrote: > > > On 04/13/2018 06:44 AM, Michael S. Tsirkin wrote: > > On Fri, Apr 13, 2018 at 03:01:11PM +0800, Jason Wang wrote: > > > > > > > > > On 2018?04?12? 08:24, Jonathan Helman wrote: > > > > > > > > > > > > On 04/10/2018 08:12 PM, Jason Wang wrote: