Date: Mon, 19 Oct 2015 12:34:11 -0700 From: Seth Arnold <seth.arnold@...onical.com> To: oss-security@...ts.openwall.com Subject: Re: Prime example of a can of worms On Mon, Oct 19, 2015 at 12:24:40AM -0400, Alex Gaynor wrote: > I think we can have a far simpler rule: use of DH at <= 1024 bits gets a > CVE, the same way 512-bit RSA, or DES would. Should there be any middle-ground for how much use a specific value gets? Part of the weakdh gift is the reconition that randomly generated 1024 bit primes might be fine for one router or website to use but is terrible when used by millions and might repay the cost to crack it. Do we allow 1024-bit dhparams when they are randomly generated? Or do we also want to move these to e.g. 2048 out of abundance of caution? (I don't share Kurt's pessimism on generating DH primes, though that does come with the caveat that they should only be generated on systems that have been running long enough to collect enough entropy for random number generation to work well.) Thanks Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ