Displaying 20 results from an estimated 1000 matches similar to: "DH_GRP_MIN is currently 1024, should it be bumped to 2048?"
2015 May 21
8
Weak DH primes and openssh
Hi,
You will be aware of https://weakdh.org/ by now, I presume; the
take-home seems to be that 1024-bit DH primes might well be too weak.
I'm wondering what (if anything!) you propose to do about this issue,
and what Debian might do for our users?
openssh already prefers ECDH, which must reduce the impact somewhat,
although the main Windows client (PuTTY) doesn't support ECDH yet. But
2017 Sep 25
4
DH Group Exchange Fallback
On 25 September 2017 at 02:32, Mark D. Baushke <mdb at juniper.net> wrote:
> [+CC Loganaden Velvindron <logan at hackers.mu>] primary author of
> the RFC 4419 refresh draft.
https://datatracker.ietf.org/doc/draft-lvelvindron-curdle-dh-group-exchange/ ?
Tangent: has any consideration been given to increasing the maximum
allowed beyond 8192 bits (which is below the current NIST
2014 Oct 28
22
[Bug 2302] New: ssh (and sshd) should not fall back to deselected KEX algos
https://bugzilla.mindrot.org/show_bug.cgi?id=2302
Bug ID: 2302
Summary: ssh (and sshd) should not fall back to deselected KEX
algos
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: ssh
2014 Oct 28
22
[Bug 2302] New: ssh (and sshd) should not fall back to deselected KEX algos
https://bugzilla.mindrot.org/show_bug.cgi?id=2302
Bug ID: 2302
Summary: ssh (and sshd) should not fall back to deselected KEX
algos
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: ssh
2013 Jun 19
1
OpenSSH and RFC 5114
I apologize up-front if this is the wrong list for this question.
Can OpenSSH be made to work with the MODP Groups in RFC 5114? ?The RFC itself makes a comment in section 3.4 that mentions that RFC 4419 extended the original SSH model to allow Diffie-Hellman parameters to be transmitted as part of the key exchange messages, but I'm not clear how that works with OpenSSH's moduli file.
Do
2017 Sep 24
3
DH Group Exchange Fallback
On 09/24/2017 12:21 AM, Mark D. Baushke wrote:
> I suggest you upgrade to a more recent edition of the OpenSSH software.
> The most recent release is OpenSSH 7.5 and OpenSSH 7.6 will be released
> very soon.
This problem is in v7.5 and v7.6. See dh.c:436.
> OpenSSH 6.6 was first released on October 6, 2014.
I brought up v6.6 to give an example that older clients wouldn't be
2003 Dec 04
8
[Bug 769] dh-group-exchange should be configurable off in client and server
http://bugzilla.mindrot.org/show_bug.cgi?id=769
Summary: dh-group-exchange should be configurable off in client
and server
Product: Portable OpenSSH
Version: 3.7p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo:
2015 May 27
4
[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
On Wed, May 27, 2015 at 05:08:25PM -0400, Daniel Kahn Gillmor wrote:
> On Tue 2015-05-26 15:39:49 -0400, Mark D. Baushke wrote:
> > Hi Folks,
> >
> > The generator value of 5 does not lead to a q-ordered subgroup which
> > is needed to pass tests in
> >
> > http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf
>
> I
2017 Sep 21
5
DH Group Exchange Fallback
Hi,
I'm interested in requiring a minimum of 3072-bit DH moduli when
using the "diffie-hellman-group-exchange-sha256" kex, so I edited my
/etc/ssh/moduli file such that only 3071+ moduli are left. However,
when clients ask for a max of 2048-bit moduli, they actually get one
(!). I poked around and found that a fallback mechanism exists
(dh.c:185), which returns back the
2015 May 26
1
[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
https://bugzilla.mindrot.org/show_bug.cgi?id=2302
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Comment on attachment 2630
--> https://bugzilla.mindrot.org/attachment.cgi?id=2630
Make the DH-GEX fallback group 4k bit.
Where did this group come from? IMO it would be best to use one of the
standard groups if we're picking another fixed one - logjam attacks
aren't
2017 Sep 23
2
DH Group Exchange Fallback
On 09/22/2017 06:55 PM, Tim Broberg wrote:
> Do I understand correctly, that you find the security of group 14 unacceptable and yet you left it enabled?
In the end, I'm trying to ensure a minimum equivalent of 128-bits of
security. Group14 is 2048-bits, which roughly translates to 112-bits. [1]
To this end, I disabled the "diffie-hellman-group14-sha1" and
2015 May 23
2
Weak DH primes and openssh
> Can this be addressed in ssh_config/sshd_config with the KexAlgorithms setting?
weakdh.org/sysadmin.html recommends adding:
KexAlgorithms curve25519-sha256 at libssh.org
But this thread makes it sound as if it's not necessary. Can anyone
confirm? Personally I'm on openssh-6.7.
- Grant
> You will be aware of https://weakdh.org/ by now, I presume; the take-home seems to be
2014 Oct 28
1
[Bug 2303] New: ssh (and perhaps even sshd) should allow to specify the minimum DH group sizes for DH GEX
https://bugzilla.mindrot.org/show_bug.cgi?id=2303
Bug ID: 2303
Summary: ssh (and perhaps even sshd) should allow to specify
the minimum DH group sizes for DH GEX
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
2015 May 29
16
Call for testing: OpenSSH 6.9
Hi,
OpenSSH 6.9 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains
some substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is
2017 Sep 23
2
DH Group Exchange Fallback
On 09/22/2017 06:10 PM, Mark D. Baushke wrote:
> I suppose you want to be more paranoid:
>
> DH *
> dh_new_group_fallback(int max)
> {
> debug3("%s: requested max size %d", __func__, max);
> if (max <= 2048) {
> debug3("using 2k bit group 14");
> return dh_new_group14();
> }
2013 Oct 03
1
ssh-keygen DSA keys longer than 1024 bit
Hi,
Why is there still a limit on the length of a DSA key generated by
ssh-keygen? I mean that ssh-keygen only expects 1024 as key length, or
fails. Here is the code excerpt that enforces the limitation:
if (type == KEY_DSA && *bitsp != 1024)
fatal("DSA keys must be 1024 bits");
Commenting these two lines allows the generation of, say, 2048 bit DSA keys
that work just fine
2009 Oct 06
1
[LLVMdev] 2.6/trunk Execution Engine question
On Tue, Oct 6, 2009 at 5:49 PM, Reid Kleckner <rnk at mit.edu> wrote:
>> Also, the null pointer is coming from a call to JCE->allocateSpace().
>> This is a virtual function; I'm trying to discover what subclass it
>> is.
>
> So, there's JITEmitter::allocateSpace which overrides
> JITCodeEmitter::allocateSpace(), but *most* of the time it just calls
>
2007 Nov 15
2
IPSEC help
Hi,
I am new to ipsec and trying to connect my bsd server with win 2000. I have succeeded to tunnel using pre-shared key. But regarding certificate , I failed to get success.
The following are configuration :
racoon.conf
path certificate "/usr/local/openssl/certs" ;
# "log" specifies logging level. It is followed by either "notify",
2010 Mar 03
2
Viewing cetificate details
Hi,
I don't see any way to view the details of a certificate once it is
generated. Having such a capability would be very handy for debugging
purposes to check what constraints, principals, and validity interval
are associated with a given cert.
--
Iain Morgan
2008 Jun 19
2
Create Matrix from Loop of Vectors, Sort It and Pick Top-K
Hi,
I have the following dataset (simplified for example).
__DATA__
300.35 200.25 104.30
22.00 31.12 89.99
444.50 22.10 43.00
22.10 200.55 66.77
Now from that I wish to do the following:
1. Compute variance of each row
2. Pick top-2 row with highest variance
3. Store those selected rows for further processing
To achieve this, I tried to: a) read the table and compute
variance for each row,