|
|
Subscribe / Log in / New account

And what about SSH?

And what about SSH?

Posted May 22, 2015 21:04 UTC (Fri) by wahern (subscriber, #37304)
In reply to: And what about SSH? by tialaramex
Parent article: Another crypto downgrade attack: Logjam

In retrospect we would have been better off randomly generating primes for DH rather than using fixed ones. Yes, you may generate a non-strong prime. But the likelihood is extraordinarily low as long as you generate what's called a safe prime. Fortunately, OpenSSL generates safe primes. (See crypto/dh/dh_gen.c.) It's why `openssl dhparam 1024` takes so much longer than `openssl genrsa 1024`.

In other words, just use OpenSSL to generate new DH parameters and move on to improving the rest of your software and infrastructure.

to post comments

And what about SSH?

Posted May 24, 2015 9:35 UTC (Sun) by reubenhwk (guest, #75803) [Link] (1 responses)

generating a new DH* in OpenSSL can be very slow, especially 1024+ bits. It's not something you really want to do on startup. Better to read the p & g params from a file, then fork off a new process to generate new p & g in the background then write them out when done...

And what about SSH?

Posted May 27, 2015 17:40 UTC (Wed) by flussence (guest, #85566) [Link]

Something seems off here: `openssl dhparam 3072` takes 3-4 minutes for me on a fairly high end Intel server CPU, which is in line with what you said, but the gnutls equivalent `certtool --generate-dh-params --sec-param=high` takes 1-2 *seconds*.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds