similar to: DH_GRP_MIN is currently 1024, should it be bumped to 2048?

Hi, You will be aware of https://weakdh.org/ by now, I presume; the take-home seems to be that 1024-bit DH primes might well be too weak. I'm wondering what (if anything!) you propose to do about this issue, and what Debian might do for our users? openssh already prefers ECDH, which must reduce the impact somewhat, although the main Windows client (PuTTY) doesn't support ECDH yet. But

On 25 September 2017 at 02:32, Mark D. Baushke <mdb at juniper.net> wrote: > [+CC Loganaden Velvindron <logan at hackers.mu>] primary author of > the RFC 4419 refresh draft. https://datatracker.ietf.org/doc/draft-lvelvindron-curdle-dh-group-exchange/ ? Tangent: has any consideration been given to increasing the maximum allowed beyond 8192 bits (which is below the current NIST

https://bugzilla.mindrot.org/show_bug.cgi?id=2302 Bug ID: 2302 Summary: ssh (and sshd) should not fall back to deselected KEX algos Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: security Priority: P5 Component: ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=2302 Bug ID: 2302 Summary: ssh (and sshd) should not fall back to deselected KEX algos Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: security Priority: P5 Component: ssh

I apologize up-front if this is the wrong list for this question. Can OpenSSH be made to work with the MODP Groups in RFC 5114? ?The RFC itself makes a comment in section 3.4 that mentions that RFC 4419 extended the original SSH model to allow Diffie-Hellman parameters to be transmitted as part of the key exchange messages, but I'm not clear how that works with OpenSSH's moduli file. Do

On 09/24/2017 12:21 AM, Mark D. Baushke wrote: > I suggest you upgrade to a more recent edition of the OpenSSH software. > The most recent release is OpenSSH 7.5 and OpenSSH 7.6 will be released > very soon. This problem is in v7.5 and v7.6. See dh.c:436. > OpenSSH 6.6 was first released on October 6, 2014. I brought up v6.6 to give an example that older clients wouldn't be

http://bugzilla.mindrot.org/show_bug.cgi?id=769 Summary: dh-group-exchange should be configurable off in client and server Product: Portable OpenSSH Version: 3.7p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo:

On Wed, May 27, 2015 at 05:08:25PM -0400, Daniel Kahn Gillmor wrote: > On Tue 2015-05-26 15:39:49 -0400, Mark D. Baushke wrote: > > Hi Folks, > > > > The generator value of 5 does not lead to a q-ordered subgroup which > > is needed to pass tests in > > > > http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf > > I

Hi, I'm interested in requiring a minimum of 3072-bit DH moduli when using the "diffie-hellman-group-exchange-sha256" kex, so I edited my /etc/ssh/moduli file such that only 3071+ moduli are left. However, when clients ask for a max of 2048-bit moduli, they actually get one (!). I poked around and found that a fallback mechanism exists (dh.c:185), which returns back the

https://bugzilla.mindrot.org/show_bug.cgi?id=2302 --- Comment #4 from Damien Miller <djm at mindrot.org> --- Comment on attachment 2630 --> https://bugzilla.mindrot.org/attachment.cgi?id=2630 Make the DH-GEX fallback group 4k bit. Where did this group come from? IMO it would be best to use one of the standard groups if we're picking another fixed one - logjam attacks aren't

On 09/22/2017 06:55 PM, Tim Broberg wrote: > Do I understand correctly, that you find the security of group 14 unacceptable and yet you left it enabled? In the end, I'm trying to ensure a minimum equivalent of 128-bits of security. Group14 is 2048-bits, which roughly translates to 112-bits. [1] To this end, I disabled the "diffie-hellman-group14-sha1" and

> Can this be addressed in ssh_config/sshd_config with the KexAlgorithms setting? weakdh.org/sysadmin.html recommends adding: KexAlgorithms curve25519-sha256 at libssh.org But this thread makes it sound as if it's not necessary. Can anyone confirm? Personally I'm on openssh-6.7. - Grant > You will be aware of https://weakdh.org/ by now, I presume; the take-home seems to be

https://bugzilla.mindrot.org/show_bug.cgi?id=2303 Bug ID: 2303 Summary: ssh (and perhaps even sshd) should allow to specify the minimum DH group sizes for DH GEX Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: security Priority: P5

Hi, OpenSSH 6.9 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is

On 09/22/2017 06:10 PM, Mark D. Baushke wrote: > I suppose you want to be more paranoid: > > DH * > dh_new_group_fallback(int max) > { > debug3("%s: requested max size %d", __func__, max); > if (max <= 2048) { > debug3("using 2k bit group 14"); > return dh_new_group14(); > }

Hi, Why is there still a limit on the length of a DSA key generated by ssh-keygen? I mean that ssh-keygen only expects 1024 as key length, or fails. Here is the code excerpt that enforces the limitation: if (type == KEY_DSA && *bitsp != 1024) fatal("DSA keys must be 1024 bits"); Commenting these two lines allows the generation of, say, 2048 bit DSA keys that work just fine

On Tue, Oct 6, 2009 at 5:49 PM, Reid Kleckner <rnk at mit.edu> wrote: >> Also, the null pointer is coming from a call to JCE->allocateSpace(). >> This is a virtual function; I'm trying to discover what subclass it >> is. > > So, there's JITEmitter::allocateSpace which overrides > JITCodeEmitter::allocateSpace(), but *most* of the time it just calls >

Hi, I am new to ipsec and trying to connect my bsd server with win 2000. I have succeeded to tunnel using pre-shared key. But regarding certificate , I failed to get success. The following are configuration : racoon.conf path certificate "/usr/local/openssl/certs" ; # "log" specifies logging level. It is followed by either "notify",

Hi, I don't see any way to view the details of a certificate once it is generated. Having such a capability would be very handy for debugging purposes to check what constraints, principals, and validity interval are associated with a given cert. -- Iain Morgan

Hi, I have the following dataset (simplified for example). __DATA__ 300.35 200.25 104.30 22.00 31.12 89.99 444.50 22.10 43.00 22.10 200.55 66.77 Now from that I wish to do the following: 1. Compute variance of each row 2. Pick top-2 row with highest variance 3. Store those selected rows for further processing To achieve this, I tried to: a) read the table and compute variance for each row,