similar to: Can we disable diffie-hellman-group-exchange-sha1 by default?

Can we disable diffie-hellman-group14-sha1 too? On Thu, Feb 14, 2019 at 10:23 PM Mark D. Baushke <mdb at juniper.net> wrote: > > Hi John, > > The short answer is YES. > > Jon DeVree <nuxi at vault24.org> writes: > > > I ask because the removal of diffie-hellman-group-exchange-sha1 happened > > accidently in 7.8 due to a mistake in a change to

Also, how are default moduli shipped with OpenSSH for use in diffie-hellman-group-exchange-sha1/sha256 chosen? Are they chosen randomly by developers or are they chosen for security properties? If they are random, why not use moduli from RFC 7919 instead, like Mozilla recommends? On Fri, Feb 15, 2019 at 3:48 AM Mark D. Baushke <mdb at juniper.net> wrote: > > Yegor Ievlev <koops1997

I'm not nearly knowledgeable enough in crypto to fully understand your answer, but I will try. I wonder why moduli are not automatically generated the first time sshd is started though. That would make much more sense than shipping a default moduli file but also asking everyone to replace it with their own. On Fri, Feb 15, 2019 at 5:50 AM Mark D. Baushke <mdb at juniper.net> wrote: >

On Fri, 2019-02-15 at 15:57 +1100, Darren Tucker wrote: > That was the original intent (and it's mentioned in RFC4419) however > each moduli file we ship (70-80 instances of 6 sizes) takes about 1 > cpu-month to generate on a lowish-power x86-64 machine. Most of it > is > parallelizable, but even then it'd likely take a few hours to > generate > one of each size. I

I don't think there is any point to generate so many moduli. Actually, 3 moduli of sizes 2048, 3072 and 4096 seem like a sane choice. On Fri, Feb 15, 2019 at 7:58 AM Darren Tucker <dtucker at dtucker.net> wrote: > > On Fri, 15 Feb 2019 at 14:22, Yegor Ievlev <koops1997 at gmail.com> wrote: > > I'm not nearly knowledgeable enough in crypto to fully understand your

e.g. can we make it throw warnings etc. rsa-sha2-256 and rsa-sha2-512 are fine, they use PSS. On Sun, Jan 20, 2019 at 1:55 AM Yegor Ievlev <koops1997 at gmail.com> wrote: > > Also can we do anything with ssh-rsa? It uses both SHA-1 and > deprecated PKCS#1 padding. If it's used to sign certificates, there's > no additional protection of SHA-2 hashing before SHA-1

https://bugzilla.mindrot.org/show_bug.cgi?id=2291 Bug ID: 2291 Summary: ssh -Q kex lists diffie-hellman-group1-sha1 twice Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: sftp-server Assignee:

That doesn't seem to be the case. See https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf (5.6.1 Comparable Algorithm Strengths) On Fri, Feb 15, 2019 at 8:28 AM Darren Tucker <dtucker at dtucker.net> wrote: > > On Fri, 15 Feb 2019 at 16:00, Yegor Ievlev <koops1997 at gmail.com> wrote: > > I don't think there is any point to generate so

I referred to the fact that there is no value for 4096-bit groups at all. For higher strengths than 128 bits one should probably not use non-EC crypto at all, as the document suggests. On Fri, Feb 15, 2019 at 9:19 AM Darren Tucker <dtucker at dtucker.net> wrote: > > On Fri, 15 Feb 2019 at 16:45, Yegor Ievlev <koops1997 at gmail.com> wrote: > > That doesn't seem to be

I'm not sure if collision resistance is required for DH key derivation, but generally, SHA-1 is on its way out. If it's possible (if there's not a very large percentage of servers that do not support anything newer), it should be disabled.

https://bugzilla.mindrot.org/show_bug.cgi?id=3221 Bug ID: 3221 Summary: hostkey preference ordering is broken in some situations Product: Portable OpenSSH Version: 8.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=2568 Bug ID: 2568 Summary: ssh fails to authenticate using RSA keys when agent does not support sha256/512 signatures Product: Portable OpenSSH Version: -current Hardware: Other URL: https://github.com/connectbot/connectbot/issues/397 OS: Linux

> On 22 June 2018 at 10:18 tai74 at vfemail.net wrote: > > > > hi sorry if question was asked already. Was reading > https://wiki2.dovecot.org/Upgrading/2.3 > > first I'm confused on diffie hellman parameters file. I never set up > ssl-parameters.dat before (should i have? do I have one that was > automatically made for me by dovecot?) > > Do I need

On Fri, 22 Jun 2018, Joseph Tam wrote: > However, recent advances make this condition obsolete [*] and not > really safer, so a much faster way to generate a DH key is > > openssl dhparam -dsaparam -out dh.pem 4096 > > DH generation is a one time operation, so if you're paranoid and you've > got time to burn, go ahead and generate the "safe" DH key. >

Hi, I am trying to debug a new (to me) printer, that should be able to use AD (for LDAP / address book lookups as well as authentication). It's been a while since I needed to dump traffic with wireshark; and evidently it's got harder since I last tried :) I have generated a wireshark dump on my DC, to see what the printer is trying to do, using: dc1$ sudo tcpdump host myprinter and port

Thanks Joseph, Aki, but something missing from upgrade document, where does the dh param file go? I located ssl-parameters.dat so I will put it there. Quoting Joseph Tam <jtam.home at gmail.com>: > On Fri, 22 Jun 2018, Joseph Tam wrote: > >> However, recent advances make this condition obsolete [*] and not >> really safer, so a much faster way to generate a DH key is

On Fri, 22 Jun 2018, Aki Tuomi wrote: >> Do I need to make a fresh dh.pem? The upgrade doc tells how to convert >> ssl-parameters.dat but how to make a new one? > > ... or you can make a fresh one using openssl > gendh 4096 > dh.pem This also works openssl dhparam -out dh.pem 4096 > Note that this will require quite a lot of entropy, so you should > probably

Hello, I'd like to inform you that the next release of WinSCP SFTP client (version 5.7.5) will support Diffie-Hellman group exchange as specified by RFC 4419. http://winscp.net/tracker/show_bug.cgi?id=1345 So I'd like to ask you to kindly update the check in compat_datafellows() to WinSCP_release_4* WinSCP_release_5.0* WinSCP_release_5.1* WinSCP_release_5.2* WinSCP_release_5.5*

I have been reading up on TLS and Dovecot and came across this URL: https://www.weakdh.org/sysadmin.html which recommended these settings for Dovecot. I would like to know if they are correct? Some much documentation on the web is pure garbage. Dovecot These changes should be made in /etc/dovecot.conf Cipher Suites

hi sorry if question was asked already. Was reading https://wiki2.dovecot.org/Upgrading/2.3 first I'm confused on diffie hellman parameters file. I never set up ssl-parameters.dat before (should i have? do I have one that was automatically made for me by dovecot?) Do I need to make a fresh dh.pem? The upgrade doc tells how to convert ssl-parameters.dat but how to make a new one? other