IETF-SSH archive


Re: Interop lsh and SSH-2.0-GitLab-SSHD



Mouse <mouse%Rodents-Montreal.ORG@localhost> writes:

>We want e to be large enough to make the low encryption exponent attack
>hopeless right out of the gate

You're using PKCS #1 padding which was designed to make the low encryption
exponent attack hopeless right out of the gate from day one - if this was an
issue, every CA on the planet that uses F4 as an exponent, and even more so
PGP which traditionally used 17 or 257, would have been compromised years ago.
You're not gaining anything by doing this apart from (a) wasting a ton of CPU
cycles [*] and (b) risking non-interoperability with other implementations
that enforce sanity-checks on public-key values.

Peter.

[*] This may be why your SSH handshake is so surprisingly slow.
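An added illustration of the point made in the reply (example code, not from the thread and not lsh or GitLab code): PKCS #1 v1.5 padding makes the padded representative so large that m^e wraps the modulus even for e = 3, while a huge e only multiplies the square-and-multiply work. N, K, the 32-bit cap in exponent_is_sane and the sample message are constructed here.

```python
import os

# Constructed stand-in for a 2048-bit modulus: only its size matters for the
# m**e < n check below, so it need not be a real RSA modulus.
N = (1 << 2047) | 1
K = (N.bit_length() + 7) // 8  # modulus length in octets (256)

def pkcs1_v15_pad(msg: bytes, k: int, ps: bytes = None) -> int:
    """EME-PKCS1-v1_5 (RFC 8017 7.2.1): EM = 0x00 || 0x02 || PS || 0x00 || M, k octets.
    PS is at least 8 nonzero random octets; a fixed PS may be passed for a reproducible run."""
    ps_len = k - len(msg) - 3
    if ps_len < 8:
        raise ValueError("message too long for modulus")
    if ps is None:
        ps = bytes(b or 1 for b in os.urandom(ps_len))
    if len(ps) != ps_len or 0 in ps:
        raise ValueError("bad padding string")
    return int.from_bytes(b"\x00\x02" + ps + b"\x00" + msg, "big")

def iroot(x: int, e: int) -> int:
    """floor(x ** (1/e)) by integer Newton iteration, exact for big ints."""
    if x < 2:
        return x
    r = 1 << -(-x.bit_length() // e)  # start at or above the true root
    while True:
        nr = ((e - 1) * r + x // pow(r, e - 1)) // e
        if nr >= r:
            return r
        r = nr

def root_attack_recovers(m: int, e: int, n: int) -> bool:
    """Textbook low-exponent weakness: when m**e < n no reduction happens, so an
    integer e-th root of the ciphertext returns m. True means m is exposed."""
    return iroot(pow(m, e, n), e) == m

def modexp_ops(e: int) -> int:
    """Squarings plus multiplications in left-to-right square-and-multiply."""
    return (e.bit_length() - 1) + (bin(e).count("1") - 1)

def exponent_is_sane(e: int, max_bits: int = 32) -> bool:
    """Public-key sanity check of the kind the reply alludes to; the 32-bit cap is
    an assumption chosen here, not a value from the thread."""
    return e >= 3 and e % 2 == 1 and e.bit_length() <= max_bits

if __name__ == "__main__":
    small = int.from_bytes(b"hunter2", "big")  # short, unpadded sample message
    padded = pkcs1_v15_pad(b"hunter2", K)
    print("unpadded, e=3 recovered:", root_attack_recovers(small, 3, N))        # True
    print("PKCS#1-padded, e=3 recovered:", root_attack_recovers(padded, 3, N))  # False
    print("ops e=65537:", modexp_ops(65537), "ops 2048-bit e:", modexp_ops((1 << 2047) | 1))
```

The padded representative has 2034 bits, so its cube has over 6000 bits and is reduced mod N long before any root could be taken; with e = 65537 the exponentiation costs 17 modular operations against 2048 for a 2048-bit exponent.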



