Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2
Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 30 March 2017 03:22 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78532129521 for <curdle@ietfa.amsl.com>; Wed, 29 Mar 2017 20:22:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 06L5dNoei9pp for <curdle@ietfa.amsl.com>; Wed, 29 Mar 2017 20:22:35 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30F8612420B for <curdle@ietf.org>; Wed, 29 Mar 2017 20:22:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1490844155; x=1522380155; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=ccdOw9c54txZC4L8k0kXwxUR+pqKYC0FP94TNYiOlws=; b=Ci6XF9LAY7HwxFNdHi/3pn9DI9K3uHUVLq8jlF37Hp0k8npesgX/cxB5 H9S85LTT+72lsS4faTI49ml1r/exaFm63rB7tNToQ+rXBjv+fgnZV8PV/ f38wVmQYGhG0LFBokb2GguYourbMN8hlGuwMIhG06e+aL0TcowdI+fzJN n6WtzQ2VUSm+UEFBFucxxRNQn9r/B2hzb/gTHY/z5635J4tFWo6DWYCqP gfvoRu/7cdsGT0zxa4hhRmj+KVY+MZ8/mHNuKWF/jnMhZSAz1R4u9Ws1G 1cLtdEfK/bJzJoZ2NXjLkDqjSaNevdbdCdmO1NUdK1Mbuf7piV9nWdEuS w==;
X-IronPort-AV: E=Sophos;i="5.36,244,1486378800"; d="scan'208";a="146579537"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.2.5 - Outgoing - Outgoing
Received: from uxcn13-ogg-d.uoa.auckland.ac.nz ([10.6.2.5]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 30 Mar 2017 16:22:32 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.25) by uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.25) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Thu, 30 Mar 2017 16:22:32 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) with mapi id 15.00.1263.000; Thu, 30 Mar 2017 16:22:32 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Tero Kivinen <kivinen@iki.fi>
CC: "Mark D. Baushke" <mdb@juniper.net>, "Salz, Rich" <rsalz@akamai.com>, curdle <curdle@ietf.org>
Thread-Topic: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2
Thread-Index: AQHSqKbDCCDwtgJ6TEe+nT3SNcvyA6Gst6HV
Date: Thu, 30 Mar 2017 03:22:31 +0000
Message-ID: <1490844151663.13492@cs.auckland.ac.nz>
References: <CADZyTkmr0WF3BOBby3rObBGGQaqMUq=0Ssc7NB9PAgPFDrk7dA@mail.gmail.com> <30381.1490720068@eng-mail01.juniper.net> <6ab576118c6945f4ba888dd403cf2471@usma1ex-dag1mb1.msg.corp.akamai.com> <1490766071333.6018@cs.auckland.ac.nz> <57287.1490768257@eng-mail01.juniper.net> <1490771481840.11723@cs.auckland.ac.nz>, <22747.56331.274710.114550@fireball.acr.fi>
In-Reply-To: <22747.56331.274710.114550@fireball.acr.fi>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/HAbmdaYZwy5rnv2DVqVP2CwbAd0>
Subject: Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Mar 2017 03:22:37 -0000
Tero Kivinen <kivinen@iki.fi> writes: >I did verify the RFC 2409 primes (768, 1024, and 1536 bit groups) when I >generated the RFC3526. I do not know if anybody else has verified the >RFC3526 primes. Wow. So the 2409 values took five years to be independently verified and nineteen years before this became known, the 3526 values took twelve years to be independently verified. If we do publish new groups, we need to address this problem with some urgency. I'm not saying I don't trust you :-) but the point of publishing the details is to gain confidence in everything being correct once multiple people have verified things. In terms of what to publish, I don't know if there's much need to publish a HOWTO for generic DLP parameter generation since presumably every implementation already has code to do DH/DSA/whatever generation. Where something is needed is situations where widely-shared parameters need to be generated, and there all you'd need to do is document how it's done and publish the parameters, preferably as a C-style byte array or something. Few if any of the parameter-set documents acknowledge that implementers just want something they can incorporate into their code with minimal effort. Give them a cut&paste code block that takes under five minutes to integrate into existing code and it's far more likely to see quick uptake. And while I'm at it, include a hash of the parameters as a byte string so you can check that you've got an exact copy of the data. (The above culled from off-list discussions, in case someone's wondering if they've seen it before :-) >Actually breaking SSH is much more useful than breaking IKE or TLS. The >first time the adminstrator types sudo and his root password inside his >ssh connection, the stored SSH stream comes very valuable for the >attacker... Only if they want to compromise someone's Linux box or something. If you target IKE you get to vaccuum up a ton of VPN traffic, and with SSL you get not only all web browsing but a ton of other stuff that uses it as the universal secure transport mechanism for network traffic. For example if you're targetting VoIP then you'd want it for the tiny fraction of SIP that isn't just sent in the clear. It'd also give you ToR traffic, and endless other material. The pretty clear lesson here is, don't use the same DH parameters as SSL/TLS. So in terms of target groups if I was a government-level attacker, I'd go for SSL, then IKE, and then I'd think about what to do next, given that it could take years to break each parameter set. Peter.
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 denis bider
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Peter Gutmann
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Daniel Migault
- [Curdle] minutes for IETF98 Daniel Migault
- [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Mark D. Baushke
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Salz, Rich
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Martin Thomson
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Yoav Nir
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Peter Gutmann
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Mark D. Baushke
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Peter Gutmann
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Yoav Nir
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Tero Kivinen
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Tero Kivinen
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Tero Kivinen
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Anna Johnston
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Anna Johnston
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Peter Gutmann
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Peter Gutmann
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Salz, Rich
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Tero Kivinen
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Tero Kivinen
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Hubert Kario
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Hubert Kario
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Anna Johnston
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Hubert Kario
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Ilari Liusvaara
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Hubert Kario
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Ilari Liusvaara
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Kyle Rose
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Hubert Kario
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Mark D. Baushke
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Kyle Rose
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Ilari Liusvaara
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Mark D. Baushke
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Kyle Rose
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Hubert Kario
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Tero Kivinen
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Peter Gutmann
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Peter Gutmann
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Peter Gutmann
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Hubert Kario
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Tero Kivinen
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Anna Johnston
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Hubert Kario
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Anna Johnston
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Hubert Kario
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Anna Johnston
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 denis bider
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 Hubert Kario