Re: DH group exchange (Re: SSH key algorithm updates)

[nisse%lysator.liu.se@localhost (Niels Möller)]

"Mark D. Baushke" <mdb%juniper.net@localhost> writes:

> See also:
>
>   http://csrc.nist.gov/publications/nistpubs/800-107-rev1/sp800-107-rev1.pdf
>   Section 4.2 table 1.

It's not clear to me why the "collision resistance strength" rather
than "preimage resistance strength" or "second preimage strength" apply
when using sha2 for generating session keys and the exchange hash.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.