Jens Thiele <[email protected]> writes:

> see also:
> https://www.weakdh.org/

A few thoughts (my colleague David McBride was helpful here):

i) plausibly-new openssh (>=5.7) supports and prefers ECDH, which I believe to be unaffected by this issue. The commonest Windows client (PuTTY), however, doesn't support this yet.

ii) I think it would be sensible to remove weaker moduli from /etc/ssh/moduli. The current size distribution:

    bits  count
    1023     36
    1535     32
    2047     28
    3071     26
    4095     31
    6143     20
    8191      6

A colleague reports that generating new 2047-bit moduli takes a few minutes, and that the time taken scales non-linearly with length (~90 minutes for 4095, ~40 hours for 8191). So I'm not sure if we should make some newer larger moduli and start shipping them, and/or start generating some at install time; the latter feels too invasive to me.

iii) it's less clear what to do about the weaker KexAlgorithms - diffie-hellman-group1-sha1 uses Oakley Group 2 (1024 bits) and diffie-hellman-group14-sha1 uses Oakley Group 14 (2048 bits); RFC4253 says that implementations MUST support these, and I don't know what clients might break if we were to stop doing so.

I'd be interested to hear the opinions of the other openssh maintainers, and perhaps we should ask upstream for their views (I've not seen anything on the upstream dev list as yet).

Regards,

Matthew

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org
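
The moduli cleanup considered in point ii), as an added example that is not part of the original message: it tabulates a moduli file by size and drops entries below a minimum, refusing to succeed if nothing would remain. The function names and the sample entries are assumptions made for illustration; the field layout follows moduli(5), where the fifth field is the size (stored as bits minus one, hence 2047).

```shell
#!/bin/sh
# Added example: audit and filter an OpenSSH moduli file by modulus size.
# moduli(5) fields: time type tests tries size generator modulus

# Constructed sample; the hex "moduli" are placeholders, not real primes.
make_sample_moduli() {
    cat <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20150520000001 2 6 100 1023 2 DEADBEEF01
20150520000002 2 6 100 1023 5 DEADBEEF02
20150520000003 2 6 100 1535 2 DEADBEEF03
20150520000004 2 6 100 2047 2 DEADBEEF04
20150520000005 2 6 100 4095 5 DEADBEEF05
EOF
}

# Print "size count" for each modulus size in file $1, ascending.
moduli_distribution() {
    awk '!/^#/ && NF == 7 { n[$5]++ }
         END { for (s in n) print s, n[s] }' "$1" | sort -n
}

# Print file $1 keeping comments and entries whose size field is >= $2.
# Returns non-zero when no entry survives, so a caller never installs
# a moduli file with no usable groups in it.
filter_moduli() {
    awk -v min="$2" '
        /^#/ { print; next }
        NF == 7 && $5 + 0 >= min + 0 { print; kept++ }
        END { exit (kept > 0 ? 0 : 1) }' "$1"
}

# Stand-alone demonstration on the constructed sample.
sample=$(mktemp)
make_sample_moduli > "$sample"
echo "before:"; moduli_distribution "$sample"
if filter_moduli "$sample" 2047 > "$sample.filtered"; then
    echo "after (size >= 2047):"; moduli_distribution "$sample.filtered"
fi
rm -f "$sample" "$sample.filtered"
```

On a real system the same functions take /etc/ssh/moduli as the input file; write the filtered output to a separate file and review it before replacing the original.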

