by knweiss 3464 days ago
From the OpenSSH moduli(5) man page:

  "When performing Diffie-Hellman Group Exchange, sshd(8)
  first estimates the size of the modulus required to
  produce enough Diffie-Hellman output to sufficiently
  key the selected symmetric cipher. sshd(8) then randomly
  selects a modulus from /etc/ssh/moduli that best meets
  the size requirement."

The problem is:

a) OS distributions ship pre-computed moduli in the /etc/ssh/moduli file. I.e. most users don't change these moduli. This facilitates pre-computation attacks.

b) These moduli are often too short (<2048 bit).

You can create your own moduli with ssh-keygen (see the "MODULI GENERATION" section in the ssh-keygen manpage).

FWIW: Here's my open bug for RHEL7 where I try to convince Red Hat to improve the situation (including more details and references):

https://bugzilla.redhat.com/show_bug.cgi?id=1396943
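
An added example, not part of the original comment: a small audit of a moduli(5)-format file that measures each modulus from its hex value and reports entries below the 2048-bit threshold mentioned above. The sample lines and the helper names (`parse_moduli`, `audit`, `strip_weak`, `_fake`) are constructed for illustration; the sample moduli are not real primes.

```python
from collections import Counter

MIN_BITS = 2048  # threshold from the comment above ("<2048 bit")

def parse_moduli(text):
    """Yield (line_no, bits, raw_line) for each moduli(5) entry:
    timestamp type tests trials size generator modulus."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no modulus
        fields = line.split()
        if len(fields) != 7:
            raise ValueError(f"line {line_no}: expected 7 fields, got {len(fields)}")
        # Measure the modulus itself instead of trusting the size column.
        yield line_no, int(fields[6], 16).bit_length(), raw

def audit(text, min_bits=MIN_BITS):
    """Summarise modulus sizes and list the lines that fall short."""
    entries = list(parse_moduli(text))
    return {
        "total": len(entries),
        "by_bits": dict(Counter(bits for _, bits, _ in entries)),
        "weak_lines": [n for n, bits, _ in entries if bits < min_bits],
    }

def strip_weak(text, min_bits=MIN_BITS):
    """Return the file contents without short moduli. This only addresses
    point (b); the remaining moduli are still the shipped ones, point (a)."""
    weak = set(audit(text, min_bits)["weak_lines"])
    kept = [l for n, l in enumerate(text.splitlines(), 1) if n not in weak]
    return "\n".join(kept) + "\n"

def _fake(bits):
    # Constructed value with the top and bottom bit set; NOT a real safe prime.
    return format((1 << (bits - 1)) | 1, "X")

# Constructed sample in moduli(5) layout (line 1 is a comment).
SAMPLE = "\n".join([
    "# constructed sample, not a real moduli file",
    f"20170101000000 2 6 100 1023 2 {_fake(1024)}",
    f"20170101000001 2 6 100 1535 5 {_fake(1536)}",
    f"20170101000002 2 6 100 2047 2 {_fake(2048)}",
    f"20170101000003 2 6 100 4095 2 {_fake(4096)}",
])

if __name__ == "__main__":
    import sys
    # Pass a path such as /etc/ssh/moduli; without one the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(audit(text))
```
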

1 comments

Most people with desktops are using Windows. What are the best practices there?