oss-sec mailing list archives
Re: Prime example of a can of worms
From: Matthias Weckbecker <matthias () weckbecker name>
Date: Wed, 21 Oct 2015 17:01:13 +0200
On Mon, 19 Oct 2015 17:40:14 -0400 Daniel Kahn Gillmor <dkg () fifthhorseman net> wrote: [...]
On the flip side, saying "use only strong (>=2048bit today in 2015?), well-known, well-structured, publicly-vetted groups" is very simple guidance: clear and easy to follow.
Interestingly I noticed OpenSSH bumped their 'DH_GRP_MIN' to 2048 bit just a few days ago to account for precomputation attacks: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/dh.h.diff? r1=1.13&r2=1.14 RFC4419 seems to recommend 1024 bit minimum, but the document appears to be from 2006. [...]
--dkg
Matthias
Current thread:
- Re: Prime example of a can of worms, (continued)
- Re: Prime example of a can of worms Matt U (Oct 18)
- Re: Prime example of a can of worms Seth Arnold (Oct 19)
- Re: Prime example of a can of worms Kurt Seifried (Oct 19)
- Re: Prime example of a can of worms Tim (Oct 19)
- Re: Prime example of a can of worms Daniel Kahn Gillmor (Oct 19)
- Re: Prime example of a can of worms Kurt Seifried (Oct 19)
- Re: Prime example of a can of worms Daniel Kahn Gillmor (Oct 19)
- Re: Prime example of a can of worms Brad Knowles (Oct 20)
- Re: Prime example of a can of worms Kurt Seifried (Oct 20)
- Re: Prime example of a can of worms gremlin (Oct 20)
- Re: Prime example of a can of worms Matthias Weckbecker (Oct 21)
- Re: Prime example of a can of worms Kurt Seifried (Oct 21)
- Re: Prime example of a can of worms Joshua Rogers (Oct 21)
- Re: Prime example of a can of worms Kurt Seifried (Oct 21)
- Re: Prime example of a can of worms Florent Daigniere (Oct 22)
- Re: Prime example of a can of worms Daniel Kahn Gillmor (Oct 22)
- Re: Prime example of a can of worms Kurt Seifried (Oct 22)
- Re: Prime example of a can of worms Daniel Kahn Gillmor (Oct 22)
- Re: Prime example of a can of worms gremlin (Oct 23)