From owner-svn-src-all@freebsd.org Sun Aug 7 18:23:20 2016
Date: Sun, 7 Aug 2016 21:23:17 +0300
From: Slawa Olhovchenkov <slw@zxy.spb.ru>
To: Andrey Chernov
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, Oliver Pinter, Bruce Simpson, Warner Losh, svn-src-head@freebsd.org, Dag-Erling Smørgrav
Subject: Re: svn commit: r303716 - head/crypto/openssh
Message-ID: <20160807182317.GE22212@zxy.spb.ru>
On Sun, Aug 07, 2016 at 09:06:37PM +0300, Andrey Chernov wrote:
> On 07.08.2016 20:43, Andrey Chernov wrote:
> > On 07.08.2016 20:37, Slawa Olhovchenkov wrote:
> >> On Sun, Aug 07, 2016 at 08:34:55PM +0300, Andrey Chernov wrote:
> >>
> >>> On 07.08.2016 20:31, Andrey Chernov wrote:
> >>>> On 07.08.2016 19:14, Bruce Simpson wrote:
> >>>>> On 07/08/16 15:40, Warner Losh wrote:
> >>>>>> That’s a cop-out answer. We, as a project, need to articulate to our
> >>>>>> users, whom we care about, why this rather obnoxious hit to usability
> >>>>>> was taken. The answer must be more complete than “We just disabled
> >>>>>> it because upstream disabled it for reasons we’re too lazy to explain
> >>>>>> or document how to work around"
> >>>>>
> >>>>> Alcatel-Lucent OmniSwitch 6800 login broken (pfSense 2.3.2 which
> >>>>> accepted the upstream change, workaround no-go)
> >>>>>
> >>>>> [2.3.2-RELEASE][root@gw.lab]/root: ssh -l admin
> >>>>> -oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.1.XXX
> >>>>> Fssh_ssh_dispatch_run_fatal: Connection to 192.168.1.XXX port 22: DH GEX
> >>>>> group out of range
> >>>>>
> >>>> DH prime size must be at least 2048; openssh now refuses lower values.
> >>>> Commonly used DH size 1024 can be easily broken. See https://weakdh.org
> >>>>
> >>> diffie-hellman-group1-sha1 uses DH 1024 and insecure sha1 both.
> >>
> >> IMHO, this is the wrong choice: total loss of control now vs. theoretical
> >> compromise of control in the future.
> >
> > Please note that it was not my choice and I can't answer the question of what
> > to do with non-upgradeable hardware; address it to the author. I just tell
> > you _why_ it happens.
> >
>
> BTW, the compromise is practical enough. From https://weakdh.org/ "A close
> reading of published NSA leaks shows that the agency's attacks on VPNs
> are consistent with having achieved such a break."
For this compromise you need 1) the NSA to be interested in me, and 2) the NSA to be able to access the weak device to intercept traffic. This is impossible at this time. Also, if the NSA is able to intercept such traffic, weak crypto will be the least of my troubles.
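The failure quoted above ("DH GEX group out of range") is what a client reports when a group-exchange method gets negotiated and the server's modulus is below the 2048-bit minimum Andrey mentions. The following is an added model of that negotiation, written for this thread and not taken from OpenSSH or from any poster; the client default list, the server's offer and its 1024-bit group are constructed, and only the `+`-prefix append semantics of KexAlgorithms and the RFC 4253 first-match rule are real behaviour.

```python
"""Added model (not from the thread or OpenSSH) of how an ssh client picks a
KEX method and when a too-small DH group-exchange modulus is refused."""

DH_GRP_MIN = 2048  # smallest group-exchange modulus accepted, per the thread
FIXED_GROUP_BITS = {"diffie-hellman-group1-sha1": 1024, "diffie-hellman-group14-sha1": 2048}
GEX_METHODS = {"diffie-hellman-group-exchange-sha1", "diffie-hellman-group-exchange-sha256"}
# Constructed client default list; real defaults vary by OpenSSH version.
CLIENT_DEFAULTS = ["curve25519-sha256@libssh.org", "diffie-hellman-group-exchange-sha256",
                   "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1"]
# Constructed server resembling the switch: group exchange first, 1024-bit group.
OLD_SERVER = ["diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"]

def effective_kex(spec, defaults=CLIENT_DEFAULTS):
    """'+value' appends to the defaults; any other value replaces them."""
    if spec.startswith("+"):
        return defaults + [a for a in spec[1:].split(",") if a not in defaults]
    return spec.split(",")

def negotiate_kex(client_list, server_list):
    """RFC 4253: the first client-preferred method the server also offers."""
    return next((a for a in client_list if a in server_list), None)

def check_kex(alg, server_gex_bits=None):
    """(accepted, notes): only a small group-exchange modulus aborts the
    connection; the other weaknesses are merely reported."""
    if alg is None:
        return False, ["no common kex method"]
    if alg in GEX_METHODS:
        if server_gex_bits is None or server_gex_bits < DH_GRP_MIN:
            return False, ["DH GEX group out of range"]  # the thread's error
        bits = server_gex_bits
    else:
        bits = FIXED_GROUP_BITS.get(alg, DH_GRP_MIN)
    notes = []
    if bits < DH_GRP_MIN:
        notes.append("%d-bit DH modulus, below %d" % (bits, DH_GRP_MIN))
    if alg.endswith("-sha1"):
        notes.append("SHA-1 key exchange hash")
    return True, notes

def scenario(spec, server_list=OLD_SERVER, server_gex_bits=1024):
    """One connection attempt: (negotiated method, accepted, notes)."""
    alg = negotiate_kex(effective_kex(spec), server_list)
    return (alg,) + check_kex(alg, server_gex_bits)

if __name__ == "__main__":
    for spec in ("+diffie-hellman-group1-sha1", "diffie-hellman-group1-sha1"):
        print(spec, "->", scenario(spec))
```

With the appended form, group exchange still wins the negotiation and the small server group aborts the connection; with group1 alone the connection completes, but the model still reports the 1024-bit modulus and SHA-1 hash that the thread is arguing about.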