Hi Gearoid,

You are right that group14 only differs in the parameter. Git master
gives the tools to fix it in the client in an hour or so (need to look at
server support).
Group-exchange is a little bit trickier, because client and server
agree on a specific group (set of parameters) dynamically. I can see
room for crypto mistakes in here.
No pitfall foreseen in group14.

Thanks for your help,

Aris



On 8/07/11 16:34, Murphy, Gearoid P wrote:
> Aris + Andreas
> 
> I would be interested in attempting this more as a technical exercise than 
> anything else, if libssh can put the fruits of my labor to good use, then all 
> the better. I would obviously defer to your collective expertise when it 
> comes to the evaluation of the security of the submitted code.
> 
> Unless I am gravely mistaken, the difference between group1 and group14 
> Diffie-Hellman kex is parametric only, there is no algorithmic change 
> required, but the reply of Aris suggests that this is not the case, can 
> anyone comment?
> 
> Thanks
>  - Gearoid
> ________________________________________
> From: Andreas Schneider [[email protected]]
> Sent: 08 July 2011 14:55
> To: [email protected]
> Subject: Re: Why only group1 diffie-hellman
> 
> On Friday 08 July 2011 13:39:42 you wrote:
>> Hi all
> 
> Hi Gearoid,
> 
>> Is there a particular design decision behind only supporting group1
>> diffie-hellman key exchange?
> 
> I don't think so, but we should support it.
> 
>> I would be interested in attempting the implementation for group14
>> diffie-hellman kex for integration into the libssh mainline
> 
> RFC 4253 states that it MUST be supported. We would appreciate a patch for it.
> Recently Aris added support for ecdh-sha2-nistp256 kex in master. It shouldn't
> be too hard to add diffie-hellman-group14-sha1 now.
> 
> 
>         -- andreas
> 
> --
> Andreas Schneider                   GPG-ID: F33E3FC6
> www.cryptomilk.org                [email protected]
> 
> 
> 

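The point discussed in this thread, that group1 and group14 share one algorithm and differ only in the prime, as an added example (not code from the thread or from libssh). The primes are rebuilt from the pi-based formulas in RFC 2409 and RFC 3526; the function names and the range check on the peer value are assumptions of this sketch.

```python
import secrets

def pi_scaled(bits, guard=64):
    """Return floor(pi * 2**bits), using Machin's formula on integers."""
    one = 1 << (bits + guard)

    def arctan_inv(x):
        # arctan(1/x) scaled by `one`, summed until the terms vanish
        total = term = one // x
        n, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // n)
            n, sign = n + 2, -sign
        return total

    return (4 * (4 * arctan_inv(5) - arctan_inv(239))) >> guard

def modp_prime(bits, offset):
    """2^b - 2^(b-64) - 1 + 2^64 * (floor(2^(b-130) * pi) + offset)."""
    return 2**bits - 2**(bits - 64) - 1 + 2**64 * (pi_scaled(bits - 130) + offset)

# kex name -> (p, g); the offsets are the constants given in the RFCs
GROUPS = {
    "diffie-hellman-group1-sha1": (modp_prime(1024, 129093), 2),
    "diffie-hellman-group14-sha1": (modp_prime(2048, 124476), 2),
}

def dh_keypair(group):
    p, g = GROUPS[group]
    x = secrets.randbelow(p - 3) + 2      # private exponent in [2, p-2]
    return x, pow(g, x, p)

def dh_shared(group, private, peer_public):
    p, _ = GROUPS[group]
    # Reject 0, 1, p-1 and anything >= p before using the peer's value
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, p)

def run_kex(group):
    """Both sides of one exchange; returns (client_K, server_K)."""
    x, e = dh_keypair(group)              # client sends e
    y, f = dh_keypair(group)              # server sends f
    return dh_shared(group, x, f), dh_shared(group, y, e)
```

Only the `GROUPS` entry changes between the two methods; the key generation, validation and shared-secret code paths are identical.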