Date: Fri, 24 Nov 2000 15:33:07 -0800
From: Kris Kennaway <kris@FreeBSD.org>
To: "Brian F. Feldman" <green@FreeBSD.org>
Cc: security@FreeBSD.org
Subject: Re: OpenSSH 2.3.0 pre-upgrade
Message-ID: <20001124153307.A71713@citusc17.usc.edu>
In-Reply-To: <200011242328.eAONSJ560421@green.dyndns.org>; from green@FreeBSD.org on Fri, Nov 24, 2000 at 06:28:19PM -0500
References: <200011242328.eAONSJ560421@green.dyndns.org>

On Fri, Nov 24, 2000 at 06:28:19PM -0500, Brian F. Feldman wrote:

> What's new in this release? Mostly the adding of the AES (Rijndael) to the
> SSH2 algorithms. Is anything now broken? Well, nothing new broken that I

Doesn't that rely on AES support in OpenSSL?

> There's some weird issue where for the Diffie-Hellman exchange, OpenSSH
> wants primes but doesn't seem to want to generate them... it expects an
> /etc/ssh/primes (which should become /var/run/ssh_primes, if anything) and I
> have no clue where the program is that supposedly generates them. So, for
> SSH2, the authentication stage generates a large warning and uses a
> hardcoded prime. This should not actually have an effect on security,
> though, according to my understanding of the Diffie-Hellman protocol.

They're static - OpenBSD just committed the file with some good primes
generated from OpenSSL, presumably.

Kris