Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 21 Oct 2015 17:01:13 +0200
From: Matthias Weckbecker <matthias@...kbecker.name>
To: oss-security@...ts.openwall.com
Subject: Re: Prime example of a can of worms

On Mon, 19 Oct 2015 17:40:14 -0400
Daniel Kahn Gillmor <dkg@...thhorseman.net> wrote:
[...]
> On the flip side, saying "use only strong (>=2048bit today in 2015?),
> well-known, well-structured, publicly-vetted groups" is very simple
> guidance: clear and easy to follow.
> 

Interestingly I noticed OpenSSH bumped their 'DH_GRP_MIN' to 2048 bit
just a few days ago to account for precomputation attacks:

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/dh.h.diff?
r1=1.13&r2=1.14

RFC4419 seems to recommend 1024 bit minimum, but the document appears
to be from 2006.

[...]
> 
>       --dkg

Matthias

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ