IETF-SSH archive
Re: DH group exchange (Re: SSH key algorithm updates)
"Mark D. Baushke" <mdb%juniper.net@localhost> writes:
> For now, does it seem reasonable to add RFC 3526 group15 & group16 to
> the protocol?
>
> diffie-hellman-group15-sha256 (3072-bit MODP group ~130 bits of security)
> diffie-hellman-group16-sha256 (4096-bit MODP group ~150 bits of security)
I think it makes sense. It's good to have some specified algorithms with
security a bit beyond what's currently used, to make it easy to move
if/when needed attacks on the current algorithms emerge.
Next question is what status they should have. I think it makes sense to
have group15 as RECOMMENDED.
(By the same argument, I think it makes sense to specify some
alternative to sha256 too, which I guess would be either sha512 or
sha3-384 (sha384 makes little sense to me, since it's essentially a
truncated sha512, with same performance and shorter output)).
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
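As an added illustration of the algorithm names under discussion (example code, not part of this thread or of any SSH implementation), the following parses `diffie-hellman-groupN-shaM` style kex names into modulus size and hash, and audits a comma-separated KEXINIT/KexAlgorithms list against a minimum policy. Group sizes are taken from RFC 2409 (group1) and RFC 3526 (group14 to group18); the sample list is constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Modulus sizes of the named MODP groups that SSH kex names refer to
# (group1 from RFC 2409; group14..group18 from RFC 3526).
MODP_BITS = {1: 1024, 14: 2048, 15: 3072, 16: 4096, 17: 6144, 18: 8192}
# Output sizes of the hashes that appear in finite-field kex names.
HASH_BITS = {"sha1": 160, "sha256": 256, "sha384": 384, "sha512": 512}

# Fixed-group "diffie-hellman-groupN-shaM" or negotiated "diffie-hellman-group-exchange-shaM".
_KEX_RE = re.compile(r"^diffie-hellman-group(?:(\d+)|-exchange)-(sha\d+)$")

@dataclass
class KexInfo:
    name: str
    modp_bits: Optional[int]  # None when the size is negotiated (group-exchange)
    hash_bits: int

def parse_kex(name: str) -> Optional[KexInfo]:
    """Parse a finite-field DH kex name; return None for other kex families or unknown ids."""
    m = _KEX_RE.match(name)
    if not m or m.group(2) not in HASH_BITS:
        return None
    group, hash_bits = m.group(1), HASH_BITS[m.group(2)]
    if group is None:
        return KexInfo(name, None, hash_bits)  # size only known after the exchange
    if int(group) not in MODP_BITS:
        return None  # unknown group number: refuse to guess its size
    return KexInfo(name, MODP_BITS[int(group)], hash_bits)

def audit_kex_list(kex_list: str, min_modp_bits: int = 3072, min_hash_bits: int = 256):
    """Split a comma-separated kex list into (accepted, rejected), preserving order.

    Only fixed MODP groups of at least min_modp_bits with a hash of at least
    min_hash_bits are accepted; group-exchange names are rejected because the
    modulus size cannot be judged from the name alone.
    """
    accepted, rejected = [], []
    for name in filter(None, (n.strip() for n in kex_list.split(","))):
        info = parse_kex(name)
        if info and info.modp_bits and info.modp_bits >= min_modp_bits and info.hash_bits >= min_hash_bits:
            accepted.append(name)
        else:
            rejected.append(name)
    return accepted, rejected

# Constructed sample list (not a captured KEXINIT) mixing the proposed names with older ones.
SAMPLE_KEX = ("diffie-hellman-group16-sha256,diffie-hellman-group15-sha256,"
              "diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1")

if __name__ == "__main__":
    ok, bad = audit_kex_list(SAMPLE_KEX)
    print("accepted:", ok)
    print("rejected:", bad)
```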