Re: DH group exchange (Re: SSH key algorithm updates)

"Mark D. Baushke" <mdb@juniper.net> Tue, 10 November 2015 08:53 UTC

To: Damien Miller <djm@mindrot.org>
CC: Niels Möller <nisse@lysator.liu.se>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, denis bider <ietf-ssh3@denisbider.com>, Jeffrey Hutzelman <jhutz@cmu.edu>, "ietf-ssh@NetBSD.org" <ietf-ssh@NetBSD.org>, "stephen.farrell@cs.tcd.ie" <stephen.farrell@cs.tcd.ie>, "jon@siliconcircus.com" <jon@siliconcircus.com>
Subject: Re: DH group exchange (Re: SSH key algorithm updates)
In-Reply-To: <alpine.BSO.2.20.1511101829460.8324@natsu.mindrot.org>
References: <9A043F3CF02CD34C8E74AC1594475C73F4B5993D@uxcn10-5.UoA.auckland.ac.nz> <2096379125-720@skroderider.denisbider.com> <9A043F3CF02CD34C8E74AC1594475C73F4B599ED@uxcn10-5.UoA.auckland.ac.nz> <55190.1447001241@eng-mail01.juniper.net> <9A043F3CF02CD34C8E74AC1594475C73F4B5A9BC@uxcn10-5.UoA.auckland.ac.nz> <nnziyn2ft7.fsf@armitage.lysator.liu.se> <65113.1447107876@eng-mail01.juniper.net> <nn37we320r.fsf@armitage.lysator.liu.se> <alpine.BSO.2.20.1511101829460.8324@natsu.mindrot.org>
Comments: In-reply-to: Damien Miller <djm@mindrot.org> message dated "Tue, 10 Nov 2015 18:30:40 +1100."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Tue, 10 Nov 2015 00:48:21 -0800
Message-ID: <90378.1447145301@eng-mail01.juniper.net>
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

Hi Damien,

Damien Miller <djm@mindrot.org> writes:

> On Tue, 10 Nov 2015, Niels Möller wrote:
> 
> > > It may also be desirable to setup a way that RFC 3526 groups:
> > >
> > >   diffie-hellman-group14-sha256 (2048-bit MODP group - 112 bits of security)
> > >   diffie-hellman-group15-sha256 (3072-bit MODP group - 128 bits of security)
> > >
> > >   diffie-hellman-group16-sha384 (4096-bit MODP group - ~150 bits of security)
> 
> FWIW OpenSSH has been using RFC3526 group 16 as the fallback group for
> group-exchange when it can't find a local pre-computed group list.

Yes, I am aware that OpenSSH will fall back on group16 with either sha1
or sha2-256 depending on what key exchange method is being used.

Given that OpenSSH using group16 with sha2-256 preserves 128 bits of
security, should there be a group16 using either sha2-384 or sha2-512 so
that the maximum number of security bits is retained? The security-bits
estimates for RFC 3526 are in this table:

   +--------+----------+---------------------+---------------------+
   | Group  | Modulus  | Strength Estimate 1 | Strength Estimate 2 |
   |        |          +----------+----------+----------+----------+
   |        |          |          | exponent |          | exponent |
   |        |          | in bits  | size     | in bits  | size     |
   +--------+----------+----------+----------+----------+----------+
   |   5    | 1536-bit |       90 |     180- |      120 |     240- |
   |  14    | 2048-bit |      110 |     220- |      160 |     320- |
   |  15    | 3072-bit |      130 |     260- |      210 |     420- |
   |  16    | 4096-bit |      150 |     300- |      240 |     480- |
   |  17    | 6144-bit |      170 |     340- |      270 |     540- |
   |  18    | 8192-bit |      190 |     380- |      310 |     620- |
   +--------+----------+---------------------+---------------------+

So group16 is nominally somewhere between 150 and 240 bits of security;
sha2-384 preserves 192 bits of security and sha2-512 preserves 256 bits
of security.

For that matter, I wonder if we want to take the time to specify
"diffie-hellman-group-exchange-sha512" for the larger group sizes
while we have RFC4419bis in discussion?

	Curious,
	-- Mark
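The weakest-link reasoning in this message, as an added example in Python that is not code from the thread, the RFCs or OpenSSH. The group numbers are the RFC 3526 table quoted above; the assumption that a SHA-2 exchange hash preserves half its digest length (the thread's 128/192/256 figures), and the simplified RFC 4419 size-selection model with a fixed-group fallback, are mine.

```python
"""Weakest-link strength of an SSH DH kex: MODP group vs. exchange hash.
Added example, not from the thread or OpenSSH. Hash figures assume the
exchange hash preserves half its digest length (collision bound), which is
how the thread gets 128/192/256 bits for sha2-256/384/512 (an assumption).
"""
# group -> (modulus bits, strength estimate 1, strength estimate 2), RFC 3526
MODP_STRENGTH = {
    5: (1536, 90, 120), 14: (2048, 110, 160), 15: (3072, 130, 210),
    16: (4096, 150, 240), 17: (6144, 170, 270), 18: (8192, 190, 310),
}
DIGEST_BITS = {"sha1": 160, "sha256": 256, "sha384": 384, "sha512": 512}
SHA2 = ("sha256", "sha384", "sha512")

def hash_strength(name):
    """Assumed security the exchange hash preserves: half its output size."""
    return DIGEST_BITS[name] // 2

def group_strength(group, estimate=2):
    """RFC 3526 strength estimate (1 or 2) for a MODP group number."""
    return MODP_STRENGTH[group][estimate]

def kex_strength(group, hash_name, estimate=2):
    """Effective strength of a group/hash pairing: the weaker component."""
    return min(group_strength(group, estimate), hash_strength(hash_name))

def hash_caps_group(group, hash_name, estimate=2):
    """True when the hash, not the modulus, is the bottleneck."""
    return hash_strength(hash_name) < group_strength(group, estimate)

def smallest_adequate_sha2(group, estimate=2):
    """Smallest SHA-2 that does not cap the group; None if even sha512 does."""
    for name in SHA2:
        if not hash_caps_group(group, name, estimate):
            return name
    return None

def choose_gex_group(min_bits, pref_bits, max_bits, available, fallback=16):
    """Simplified RFC 4419 server-side size choice (my model, not OpenSSH's):
    smallest available size >= the client's preference within [min, max],
    else the largest in range, else the fixed RFC 3526 fallback group."""
    in_range = sorted(b for b in available if min_bits <= b <= max_bits)
    if not in_range:
        return ("group%d" % fallback, MODP_STRENGTH[fallback][0])
    at_least_pref = [b for b in in_range if b >= pref_bits]
    return ("moduli", at_least_pref[0] if at_least_pref else in_range[-1])
```

Under estimate 2, group16 with sha2-256 is capped at 128 bits and needs sha2-512 to keep 240; sha2-384 suffices only under estimate 1.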