https://bugzilla.mindrot.org/show_bug.cgi?id=2302
--- Comment #5 from Darren Tucker <[email protected]> ---
(In reply to Damien Miller from comment #4)
> Comment on attachment 2630 [details]
> Make the DH-GEX fallback group 4k bit.
>
> Where did this group come from?

I generated it. I pulled it off the file being prepared for the next moduli update.

> IMO it would be best to use one of
> the standard groups if we're picking another fixed one - logjam
> attacks aren't remotely plausible at this length, and doing so
> avoids any questions over the group's provenance.

Presumably someone said something similar about group1 and group14 at one point?

> You could use the RFC3526 (ISAKMP) 4096-bit group:
> https://tools.ietf.org/html/rfc3526#page-5

Isn't the whole point of the LogJam style attacks that up-front precomputation against a fixed group used in many protocols pays dividends across all of them? In this case we need a group, but we don't need that particular group.
