IETF-SSH archive
Re: DH group exchange (Re: SSH key algorithm updates)
Half the time - or even more often - the parameters sent by the server fail a pairwise consistency test that Crypto++ performs in FIPS mode.
I believe these tests are required by FIPS to use the crypto parameters.
I believe this has been recognized as a shortcoming of these dynamically generated groups, and has been deemed an acceptable level of risk because they are short-lived.
The issue is that FIPS (probably correctly, given its intent to prevent suspicious-looking crypto use) does not make this accommodation.
----- Original Message -----
From: Jeffrey Hutzelman
Sent: Friday, November 6, 2015 21:50
To: denis bider
Cc: jhutz%cmu.edu@localhost ; Niels Möller ; Mark D. Baushke ; ietf-ssh%NetBSD.org@localhost ; stephen.farrell%cs.tcd.ie@localhost ; jon%siliconcircus.com@localhost
Subject: Re: DH group exchange (Re: SSH key algorithm updates)
On Sat, 2015-11-07 at 03:33 +0000, denis bider wrote:
> It is a fairly substantial problem that most dynamically generated
> groups aren't usable with our FIPS module.
What's broken about the groups that don't work?