Re: DH group exchange (Re: SSH key algorithm updates)

denis bider <ietf-ssh3@denisbider.com> Sat, 07 November 2015 09:32 UTC

Date: Sat, 07 Nov 2015 05:03:30 +0000
Subject: Re: DH group exchange (Re: SSH key algorithm updates)
From: denis bider <ietf-ssh3@denisbider.com>
To: Jeffrey Hutzelman <jhutz@cmu.edu>
Cc: Niels Möller <nisse@lysator.liu.se>, "Mark D. Baushke" <mdb@juniper.net>, ietf-ssh@NetBSD.org, stephen.farrell@cs.tcd.ie, jon@siliconcircus.com

Half the time - or even more often - the parameters sent by the server fail a pairwise consistency test that Crypto++ performs in FIPS mode.

I believe these tests are required by FIPS to use the crypto parameters.

I believe this has been recognized as a shortcoming of these dynamically generated groups, and has been deemed an acceptable level of risk because they are short-lived.

The issue is that FIPS (probably correctly, given its intent to prevent suspicious-looking crypto use) does not make this accommodation.


----- Original Message -----
From: Jeffrey Hutzelman
Sent: Friday, November 6, 2015 21:50
To: denis bider
Cc: jhutz@cmu.edu; Niels Möller; Mark D. Baushke; ietf-ssh@NetBSD.org; stephen.farrell@cs.tcd.ie; jon@siliconcircus.com
Subject: Re: DH group exchange (Re: SSH key algorithm updates)

On Sat, 2015-11-07 at 03:33 +0000, denis bider wrote:

> It is a fairly substantial problem that most dynamically generated
> groups aren't usable with our FIPS module.

What's broken about the groups that don't work?
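The kind of parameter check at issue in this exchange, as an added example that is not part of the thread and is neither Crypto++ code nor the FIPS pairwise consistency test itself (whose exact steps the thread does not give): a client-side validation of a server-sent KEX_DH_GEX group against the usual safe-prime criteria, assuming the client requested a minimum modulus size. The 1024-bit modulus is RFC 2409 Oakley group 2 as transcribed here; the 23-element group is a constructed toy value.

```python
# Added example (not Crypto++ code, and not the FIPS pairwise test itself):
# the standard checks a client can run on a server-sent KEX_DH_GEX group:
# p prime, q = (p-1)/2 prime (safe prime), 2 <= g <= p-2 with g^q = 1 mod p.
import random

# RFC 2409 Oakley group 2 (1024-bit MODP prime, generator 2), as transcribed here.
OAKLEY_GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)

def is_probable_prime(n, rounds=32):
    """Miller-Rabin probable-prime test (error < 4^-rounds for composite n)."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False          # composite witness found
    return True

def validate_gex_group(p, g, min_bits=2048):
    """Return the failed checks for a server-supplied (p, g); empty means usable."""
    problems = []
    if p.bit_length() < min_bits:
        problems.append("modulus shorter than the minimum the client asked for")
    if not is_probable_prime(p):
        return problems + ["p is not prime"]
    q = (p - 1) // 2
    if not is_probable_prime(q):
        problems.append("p is not a safe prime: (p-1)/2 is composite")
    if not 2 <= g <= p - 2:
        problems.append("g outside [2, p-2]")
    elif pow(g, q, p) != 1:
        problems.append("g does not generate the order-q subgroup")
    return problems
```

Running `validate_gex_group(OAKLEY_GROUP2_P, 2, min_bits=1024)` returns an empty list, while the same group under the 2048-bit default is rejected only for its size, which separates "malformed group" from "group too small for policy".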