Re: Why only group1 diffie-hellman
- Subject: Re: Why only group1 diffie-hellman
- From: Aris Adamantiadis <aris@xxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Fri, 08 Jul 2011 16:40:40 +0200
- To: libssh@xxxxxxxxxx
- Cc: "Murphy, Gearoid P" <gearoid.murphy@xxxxxx>
Oops, I just saw I misspelled your name. Apologies.

Aris

On 8/07/11 16:39, Aris Adamantiadis wrote:
> Hi Geraoid,
>
> You are right that group14 only differs in the parameter. git master
> gives the tools to fix it in the client in an hour or so (need to look at
> server support).
> Group-exchange is a little bit trickier, because client and server
> agree on a specific group (set of parameters) dynamically. I can see
> room for crypto mistakes in here.
> No pitfall foreseen in group14.
>
> Thanks for your help,
>
> Aris
>
>
>
> On 8/07/11 16:34, Murphy, Gearoid P wrote:
>> Aris + Andreas
>>
>> I would be interested in attempting this more as a technical exercise than anything else, if libssh can put the fruits of my labor to good use, then all the better. I would obviously defer to your collective expertise when it comes to the evaluation of the security of the submitted code.
>>
>> Unless I am gravely mistaken, the difference between group1 and group14 Diffie-Hellman kex is parametric only, there is no algorithmic change required, but the reply of Aris suggests that this is not the case, can anyone comment?
>>
>> Thanks
>> - Gearoid
>> ________________________________________
>> From: Andreas Schneider [asn@xxxxxxxxxxxxxx]
>> Sent: 08 July 2011 14:55
>> To: libssh@xxxxxxxxxx
>> Subject: Re: Why only group1 diffie-hellman
>>
>> On Friday 08 July 2011 13:39:42 you wrote:
>>> Hi all
>>
>> Hi Gearoid,
>>
>>> Is there a particular design decision behind only supporting group1
>>> diffie-hellman key exchange?
>>
>> I don't think so, but we should support it.
>>
>>> I would be interested in attempting the implementation for group14
>>> diffie-hellman kex for integration into the libssh mainline
>>
>> RFC 4253 states that it MUST be supported. We would appreciate a patch for it.
>> Recently Aris added support for ecdh-sha2-nistp256 kex in master. It shouldn't
>> be too hard to add diffie-hellman-group14-sha1 now.
>>
>>
>> -- andreas
>>
>> --
>> Andreas Schneider GPG-ID: F33E3FC6
>> www.cryptomilk.org asn@xxxxxxxxxxxxxx
>>
>>
>>
>
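The point discussed in this thread, that group1 and group14 share one algorithm and differ only in the group parameters, shown as an added Python example (not libssh code and not part of the original messages). The function names are hypothetical, the primes are derived from the formulas in RFC 2409 and RFC 3526 rather than typed in, and the hashing and signature steps of the SSH key exchange are left out.

```python
# Added illustration, not libssh code. Function names are hypothetical; the
# primes come from the RFC 2409 (group1) and RFC 3526 (group14) formulas.
import secrets

def _arctan_inv(n, bits):
    """Return atan(1/n) * 2**bits as an integer (alternating Taylor series)."""
    term = total = (1 << bits) // n
    k, sign = 3, -1
    while term:
        term //= n * n
        total += sign * (term // k)
        k, sign = k + 2, -sign
    return total

def _pi_floor(bits, guard=64):
    """floor(pi * 2**bits) via Machin's formula; guard bits absorb truncation."""
    wide = bits + guard
    return (16 * _arctan_inv(5, wide) - 4 * _arctan_inv(239, wide)) >> guard

def oakley_prime(size, c):
    """p = 2^size - 2^(size-64) - 1 + 2^64 * (floor(2^(size-130) * pi) + c)."""
    return (1 << size) - (1 << (size - 64)) - 1 + ((_pi_floor(size - 130) + c) << 64)

# The only thing that differs between the two methods: the (p, g) pair.
GROUPS = {
    "diffie-hellman-group1-sha1": (oakley_prime(1024, 129093), 2),
    "diffie-hellman-group14-sha1": (oakley_prime(2048, 124476), 2),
}

def dh_keypair(kex):
    """Pick private x with 1 < x < q, q = (p-1)/2; return (x, g^x mod p)."""
    p, g = GROUPS[kex]
    q = (p - 1) // 2
    x = 2 + secrets.randbelow(q - 2)
    return x, pow(g, x, p)

def dh_shared(kex, private, peer_public):
    """Compute K = peer^private mod p, rejecting peer values outside [1, p-1]."""
    p, _ = GROUPS[kex]
    if not 1 <= peer_public <= p - 1:
        raise ValueError("peer DH value out of range")
    return pow(peer_public, private, p)

def run_kex(kex):
    """Run both sides in-process (constructed exchange); return (client K, server K)."""
    x, e = dh_keypair(kex)   # client sends e = g^x mod p
    y, f = dh_keypair(kex)   # server sends f = g^y mod p
    return dh_shared(kex, x, f), dh_shared(kex, y, e)
```

Calling `run_kex` with either method name goes through the same code path; only the entry looked up in `GROUPS` changes.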