Date: Fri, 24 Nov 2000 15:33:07 -0800 From: Kris Kennaway <kris@FreeBSD.org> To: "Brian F. Feldman" <green@FreeBSD.org> Cc: security@FreeBSD.org Subject: Re: OpenSSH 2.3.0 pre-upgrade Message-ID: <20001124153307.A71713@citusc17.usc.edu> In-Reply-To: <200011242328.eAONSJ560421@green.dyndns.org>; from green@FreeBSD.org on Fri, Nov 24, 2000 at 06:28:19PM -0500 References: <200011242328.eAONSJ560421@green.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Fri, Nov 24, 2000 at 06:28:19PM -0500, Brian F. Feldman wrote: > What's new in this release? Mostly the adding of the AES (Rijndael) to the > SSH2 algorithms. Is anything now broken? Well, nothing new broken that I Doesn't that rely on AES support in OpenSSL? > There's some weird issue where for the Diffie-Hellman exchange, OpenSSH > wants primes but doesn't seem to want to generate them... it expects an > /etc/ssh/primes (which should become /var/run/ssh_primes, if anything) and I > have no clue where the program is that supposedly generates them. So, for > SSH2, the authentication stage generates a large warning and uses a > hardcoded prime. This should not actually have an affect on security, > though, according to my understanding of the Diffie-Hellman protocol. They're static - OpenBSD just committed the file with some good primes generated from OpenSSL, presumably. Kris [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoe+rMACgkQWry0BWjoQKUc/gCghafS9pr8E5Bee+oFJ0nUOuz5 ErEAnROdPkl5v/gO6a3N0iSV7sjnnou/ =Oa5X -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001124153307.A71713>