Displaying 20 results from an estimated 300 matches similar to: "DH parameter length too small?"
2013 Nov 05
2
ssl-params regeneration with dovecot 2.2.7
Hello,
after switching from version 2.2.7 to 2.2.7 I miss the loglines which say:
ssl-params: Generating SSL parameters
ssl-params: SSL parameters regeneration completed
The configuration has not been changed and reads:
| # 2.2.7: /usr/local/dovecot/etc/dovecot/dovecot.conf
| # OS: Linux 2.6.35.14-106.fc14.i686.PAE i686 Fedora release 14 (Laughlin) ext3
| auth_mechanisms = plain login
|
2008 Jun 16
1
Restrict permission changes
Hello,
I've a share with preset permissions on different directories including acls.
So in one folder for example users can only read and into other read and write.
Everything works fine. The Problem is if one user decides to change the
permission of a file or directory (via Windows) the acls and permissions get
messed up.
How can I restrict users from changing permission on a share? I
2005 Oct 01
3
I gave up.-...-.-.-.- :'(
Actually i gave up, i tried and tried and tried so many times, upgrading software falling back to an old version
but it didn't work, that's it.
i can't do work together tc with iptables and iproute2
when i mark a packet with iptables tc doesn't recognize them so it falls at the default leaf of the tc's tree
what i like is to mark packets depending on
2008 Jun 11
1
Some kind of weird setup ...
Hello,
I've some questions for you and hope you can help me with some issues. I'll
start with the (hopefully) easier one. I'm working with Samba 3.0.28a an Ubuntu
8.04.
1. There's a share on an ext3 fs with user quota set. If I mount that share to
another Ubuntu, how am I able to see the "free space" I have on that device? df
only reports the free space of the
2019 Apr 11
4
Understanding Problem with rsa min key length 1024
Hello,
Some time ago min rsa key length was increased to 1024 bit and i have a
little understanding problem with this.
I hope somebody with some crypto-experience can enlighten me. To make
that clear, that is not about allowing lower keys in general.
Personally i would tend to use even longer keys (2048bit+).
However, due to the nature of the RSA algorithm, in case of 1024bit this might result
in a key
2013 Oct 14
2
Re: event handler
Michal Privoznik wrote 2013-10-14 11:39:
> On 14.10.2013 10:33, Alexandr wrote:
>> Michal Privoznik wrote 2013-10-14 08:48:
>>> On 14.10.2013 02:42, Alexandr wrote:
>>>> good day to all.
>>>> i still have not solved my problem with event handling.
>>>> currently i have following code
>>>>
>>>>
>>>> void
2015 Jun 02
1
[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
https://bugzilla.mindrot.org/show_bug.cgi?id=2302
--- Comment #13 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to Christoph Anton Mitterer from comment #10)
[...]
> Even though an attacker cannot (AFAIU??) for a connection to
> downgrade to the weaker groups,
The server's DH-GEX exchange hash includes the DH group sizes it
received from the client. If these are
2015 May 26
1
[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
https://bugzilla.mindrot.org/show_bug.cgi?id=2302
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Comment on attachment 2630
--> https://bugzilla.mindrot.org/attachment.cgi?id=2630
Make the DH-GEX fallback group 4k bit.
Where did this group come from? IMO it would be best to use one of the
standard groups if we're picking another fixed one - logjam attacks
aren't
2014 Oct 28
2
[Bug 2303] New: ssh (and perhaps even sshd) should allow to specify the minimum DH group sizes for DH GEX
https://bugzilla.mindrot.org/show_bug.cgi?id=2303
Bug ID: 2303
Summary: ssh (and perhaps even sshd) should allow to specify
the minimum DH group sizes for DH GEX
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
2006 Mar 21
5
HFSC and default qdisc backlog
I don't understand the following:
root@jmnrouter:~# tc -s class ls dev vlan1 && tc -s qdisc ls dev vlan1
class hfsc 1: root
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
period 0 level 2
class hfsc 1:1 parent 1: sc m1 0bit d 0us m2 220000bit ul m1 0bit d 0us m2
220000bit
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
period 31304 work 7533852 bytes level 1
class hfsc 1:10
2013 Oct 14
2
Re: event handler
Michal Privoznik wrote 2013-10-14 08:48:
> On 14.10.2013 02:42, Alexandr wrote:
>> good day to all.
>> i still have not solved my problem with event handling.
>> currently i have following code
>>
>>
>> void libvirt_eventloop_thr_func()
>> {
>> while(true) //TODO: stop somehow on exit
>> {
>>
2015 Jun 12
2
[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
On Fri 2015-06-12 01:52:54 -0400, Mark D. Baushke wrote:
> I have communicated with Allen Roginsky on this topic and I have been given permission to post his response.
>
> In this message below, the 'vendor' was Darren Tucker's generated prime
> that used a generator value of 5.
>
> -- Mark
>
> From: "Roginsky, Allen" <allen.roginsky at
2015 May 27
4
[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
On Wed, May 27, 2015 at 05:08:25PM -0400, Daniel Kahn Gillmor wrote:
> On Tue 2015-05-26 15:39:49 -0400, Mark D. Baushke wrote:
> > Hi Folks,
> >
> > The generator value of 5 does not lead to a q-ordered subgroup which
> > is needed to pass tests in
> >
> > http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf
>
> I
2002 Sep 11
1
Silly question on DH key exch in ssh
hello,
I'm also developing a ssh application in java and I also got stuck with
DH-Key Exchange.
I just get to the SSH_MSG_KEXDH_REPLY from the server. But what is he
expecting me to send
then, as far as I understand the Transport Layer Protocol I should send the
SSH_MSG_NEWKEYS
message, but that doesn't work.
Does anyone know what to send then?
(the hint from Markus Friedl with kexdh.c
2006 Feb 20
1
the EXTRAVERSION problem in dh-kpatches...
... is actually old & very well known by the maintainer!
there is a bug report for exactly this that is 3 years and 124 days old!
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=165505
I can also add my report to this bug and mention that we need a fixed version
for our xen packages, but as it looks for me (at the moment) the maintainer
is not really interested in getting this
2003 May 15
1
[Bug 567] ssh-keygen: DH parameter generation failed
http://bugzilla.mindrot.org/show_bug.cgi?id=567
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|critical |major
Component|Build system |ssh-keygen
Summary|pb at the end of compil with|ssh-keygen: DH parameter
2013 May 31
0
DH group selection for SHA2-512 bit HMAC.
Hi. I've got the following problem with our SSH client library:
- client connects to OpenSSH 5.9+ server and they choose hmac-sha2-512
with diffie-hellman-group-exchange-sha256.
- client sends MSG_KEX_DH_GEX_REQUEST DH group request with parameters
(1024, 1024, 8192).
I.e. minimum and preferred group size is 1024-bit,
- OpenSSH server in kexgexs.c:kexgex_server processes this message and
2013 Oct 03
0
DH modulus size
With the default openssh configuration, the selected cipher is
aes128-ctr. This means that dh_estimate gets called with bits=128, so
dh_estimate selects a DH modulus size of 1024 bits.
This seems questionable. Since the NSA seems to be sniffing most
internet traffic, keeping SSH sessions secure against after-the-fact
offline attack matters, and 1024-bit DH is not convincingly secure
against
2013 Sep 10
1
DH Parameter
Hi!
Is there any possibility to let dovecot serve >1024 Bit DH Parameters at
SSL/TLS-connections? Is it possible to replace
/var/lib/dovecot/ssl-parameters.ssl with DH-parameter generated by openssl?
If not: Are there any plans to implement that?
Thank you!
2018 Feb 19
2
lmtp: Couldn't parse DH parameters
I'm using SSL for dovecot, and dovecot kindly warned me on startup that I
needed the ssl_dh parameter, which I specified:
# grep -P '^ssl_dh' /etc/dovecot/conf.d/10-ssl.conf
ssl_dh = </etc/dovecot/dh.pem
And I generated the file, as specified in the comment:
# openssl dhparam -out /etc/dovecot/dh.pem 4096
The file contains the appropriate headers:
# grep -P '^\-'