On Fri, Feb 16, 2018 at 11:45:56AM -0000, ChristianEhrhardt wrote:
> So maybe (but only maybe) a ssh-extra-security package doing so as
> suggests or helper tool bundled to openssh that would do the update
> might be a nice security addition.  I'm adding the security Team to
> weigh in on opinions:
> - should it be unique per system?

It is fine for this file to be shared amongst all OpenSSH users.

A cryptographer friend and I discussed the wisdom of self-generating DH
primes recently. He was strongly of the opinion that well-vetted primes
should be preferred over randomly-selected primes. Some numbers have
vastly weaker performance against the generalized number field sieve
than other numbers.

> - if so, preferred delivery mechanism

Packaging upstream's as a config file makes sense to me. Local sites can
replace it, and if they understand the risks it may make sense.

> - might an individual generated moduli file decrease security compared
> to a "curated and reviewed" shared one? There are mentions of
> "Ssh-keygen’s primality tests are statistical tests and can lead to
> false positives." that make me think so.

The statistical primality tests worry me less than performance of the
purported prime numbers against the GNFS in the precomputation steps that
lead to an attack. I believe this is the weakest link in the chain and
reason enough to stick with numbers shared with upstream.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1748709

Title:
  Upgrade from xenial to bionic wants to replace moduli
