Oops, I just see I misspelled your name. Apologies.

Aris

On 8/07/11 16:39, Aris Adamantiadis wrote:
> Hi Geraoid,
>
> You are right that group14 only differs with the parameter. git master
> gives the tools to fix it in the client in an hour or so (need to look at
> server support).
> Group-exchange is a little bit trickier, because client and server
> agree on a specific group (set of parameters) dynamically. I can see
> room for crypto mistakes in here.
> No pitfall foreseen in group14.
>
> Thanks for your help,
>
> Aris
>
> On 8/07/11 16:34, Murphy, Gearoid P wrote:
>> Aris + Andreas
>>
>> I would be interested in attempting this more as a technical exercise than
>> anything else, if libssh can put the fruits of my labor to good use, then
>> all the better. I would obviously defer to your collective expertise when it
>> comes to the evaluation of the security of the submitted code.
>>
>> Unless I am gravely mistaken, the difference between group1 and group14
>> Diffie-Hellman kex is parametric only, there is no algorithmic change
>> required, but the reply of Aris suggests that this is not the case, can
>> anyone comment?
>>
>> Thanks
>> - Gearoid
>> ________________________________________
>> From: Andreas Schneider [[email protected]]
>> Sent: 08 July 2011 14:55
>> To: [email protected]
>> Subject: Re: Why only group1 diffie-hellman
>>
>> On Friday 08 July 2011 13:39:42 you wrote:
>>> Hi all
>>
>> Hi Gearoid,
>>
>>> Is there a particular design decision behind only supporting group1
>>> diffie-hellman key exchange?
>>
>> I don't think so, but we should support it.
>>
>>> I would be interested in attempting the implementation for group14
>>> diffie-hellman kex for integration into the libssh mainline
>>
>> RFC 4253 states that it MUST be supported. We would appreciate a patch for
>> it.
>> Recently Aris added support for ecdh-sha2-nistp256 kex in master. It
>> shouldn't be too hard to add diffie-hellman-group14-sha1 now.
>>
>> -- andreas
>>
>> --
>> Andreas Schneider GPG-ID: F33E3FC6
>> www.cryptomilk.org [email protected]
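
Added example, not part of the thread and not libssh code: a Python sketch of the point that group1 and group14 differ only in their parameters, with one Diffie-Hellman routine serving both kex names. The function names are hypothetical, the primes are derived from the formulas in RFC 2409 and RFC 3526 instead of being pasted as hex, and the peer-value range check is an assumption of this sketch (slightly stricter than the [1, p-1] range in RFC 4253).

```python
import secrets

def pi_floor(bits, guard=64):
    """floor(pi * 2**bits), computed with Machin's formula in integers."""
    one = 1 << (bits + guard)              # fixed-point scale with guard bits
    def arctan_inv(x):                     # arctan(1/x) * one
        total = term = one // x
        n, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // n)
            n, sign = n + 2, -sign
        return total
    return (4 * (4 * arctan_inv(5) - arctan_inv(239))) >> guard

def modp_prime(size, offset):
    """p = 2^size - 2^(size-64) - 1 + 2^64 * (floor(2^(size-130) * pi) + offset)"""
    return ((1 << size) - (1 << (size - 64)) - 1
            + ((pi_floor(size - 130) + offset) << 64))

# kex name -> (p, g). Only this table changes between the two methods.
GROUPS = {
    "diffie-hellman-group1-sha1": (modp_prime(1024, 129093), 2),   # RFC 2409
    "diffie-hellman-group14-sha1": (modp_prime(2048, 124476), 2),  # RFC 3526
}

def dh_keypair(kex):
    """Return (private x, public g^x mod p) with 1 < x < q, q = (p-1)/2."""
    p, g = GROUPS[kex]
    q = (p - 1) // 2
    x = secrets.randbelow(q - 2) + 2
    return x, pow(g, x, p)

def dh_shared(kex, private, peer_public):
    """Shared secret K; rejects degenerate peer values (sketch's assumption)."""
    p, _ = GROUPS[kex]
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, p)

def run_exchange(kex):
    """Both sides of the exchange; True when client and server agree on K."""
    x, e = dh_keypair(kex)                 # client sends e
    y, f = dh_keypair(kex)                 # server sends f
    return dh_shared(kex, x, f) == dh_shared(kex, y, e)
```

The exchange hash and key derivation of RFC 4253 are left out; the sketch stops at the shared secret K.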
