IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: DH group exchange (Re: SSH key algorithm updates)
I agree, and would like to see algorithm names for these groups defined.
We have a bit of an inconsistency going on, in the way we refer to SHA-2 256. We standardized hmac-sha2-256, but on the other hand we have "sha256" elsewhere, including as discussed for DH here.
I suggest "sha2-256" for the same reason this was suggested in the hmac-sha2-256 case: to make it clear it isn't sha3-256.
I have previously argued that consistency for the sake of consistency is overvalued. Therefore, in order to be consistent, I should be fine either way. :) I think it's worthwhile to point out, however.
----- Original Message -----
From: Niels "Möller"
Sent: Sunday, November 15, 2015 01:16
To: Mark D. Baushke
Cc: Damien Miller ; Peter Gutmann ; denis bider ; Jeffrey Hutzelman ; ietf-ssh%NetBSD.org@localhost ; stephen.farrell%cs.tcd.ie@localhost ; jon%siliconcircus.com@localhost
Subject: Re: DH group exchange (Re: SSH key algorithm updates)
"Mark D. Baushke" <mdb%juniper.net@localhost> writes:
> For now, does it seem reasonable to add RFC 3526 group15 & group16 to
> the protocol?
>
> diffie-hellman-group15-sha256 (3072-bit MODP group ~130 bits of security)
> diffie-hellman-group16-sha256 (4096-bit MODP group ~150 bits of security)
I think it makes sense. It's good to have some specified algorithms with
security a bit beyond what's currently used, to make it easy to move
if/when needed attacks on the current algorithms emerge.
Next question is what status they should have. I think it makes sense to
have group15 as RECOMMENDED.
(By the same argument, I think it makes sense to specify some
alternative to sha256 too, which I guess would be either sha512 or
sha3-384 (sha384 makes litte sense to me, since it's essentially a
truncated sha512, with same performance and shorter output)).
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
Home |
Main Index |
Thread Index |
Old Index