From: Andrey Chernov
To: Slawa Olhovchenkov
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, Oliver Pinter, Bruce Simpson, Warner Losh, svn-src-head@freebsd.org, Dag-Erling Smørgrav
Subject: Re: svn commit: r303716 - head/crypto/openssh
Date: Sun, 7 Aug 2016 21:34:51 +0300
In-Reply-To: <20160807182317.GE22212@zxy.spb.ru>
List-Id: SVN commit messages for the src tree for head/-current

On 07.08.2016 21:23, Slawa Olhovchenkov wrote:
> On Sun, Aug 07, 2016 at 09:06:37PM +0300, Andrey Chernov wrote:
>
>> On 07.08.2016 20:43, Andrey Chernov wrote:
>>> On 07.08.2016 20:37, Slawa Olhovchenkov wrote:
>>>> On Sun, Aug 07, 2016 at 08:34:55PM +0300, Andrey Chernov wrote:
>>>>
>>>>> On 07.08.2016 20:31, Andrey Chernov wrote:
>>>>>> On 07.08.2016 19:14, Bruce Simpson wrote:
>>>>>>> On 07/08/16 15:40, Warner Losh wrote:
>>>>>>>> That’s a cop-out answer. We, as a project, need to articulate to our
>>>>>>>> users, whom we care about, why this rather obnoxious hit to usability
>>>>>>>> was taken. The answer must be more complete than “We just disabled
>>>>>>>> it because upstream disabled it for reasons we’re too lazy to explain
>>>>>>>> or document how to work around"
>>>>>>>
>>>>>>> Alcatel-Lucent OmniSwitch 6800 login broken (pfSense 2.3.2 which
>>>>>>> accepted the upstream change, workaround no-go)
>>>>>>>
>>>>>>> [2.3.2-RELEASE][root@gw.lab]/root: ssh -l admin
>>>>>>> -oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.1.XXX
>>>>>>> Fssh_ssh_dispatch_run_fatal: Connection to 192.168.1.XXX port 22: DH GEX
>>>>>>> group out of range
>>>>>>>
>>>>>> DH prime size must be at least 2048; openssh now refuses lower values.
>>>>>> The commonly used DH size 1024 can be easily broken. See https://weakdh.org
>>>>>>
>>>>> diffie-hellman-group1-sha1 uses both DH 1024 and insecure sha1.
>>>>
>>>> IMHO, this is the wrong choice: total loss of control now vs theoretical
>>>> compromise of control in the future.
>>>
>>> Please note that it was not my choice and I can't answer the question of what
>>> to do with non-upgradeable hardware; address it to the author. I just tell
>>> you _why_ it happens.
>>>
>> BTW, the compromise is practical enough. From https://weakdh.org/: "A close
>> reading of published NSA leaks shows that the agency's attacks on VPNs
>> are consistent with having achieved such a break."
>
> For this compromise you need
>
> 1) NSA interested in me

This particular condition is not necessary: they can decrypt all traffic with weak DH primes that passes through main channels in the USA and perhaps partially in Europe (depending on mutual agreement), then search for interesting keywords to spy more closely afterwards.

> 2) NSA must be able to access the weak device for traffic
> intercept
>
> This is impossible at this time.
>
> Also, if NSA is able to intercept such traffic, weak crypto will be
> the last of my troubles.

About the rest, I am not the person to argue with. Why have you still not sent your opinion to the author?
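The thread's technical point is that OpenSSH now rejects DH group-exchange groups smaller than 2048 bits, and a server that only offers smaller groups (from its moduli file) is what produces the "DH GEX group out of range" failure. The following audit script is an added example, not code from OpenSSH, pfSense or the FreeBSD project: it parses the moduli(5) line format, measures each prime from the hex modulus itself rather than trusting the size column (distributed moduli files record 2047 for a 2048-bit prime, so measuring avoids an off-by-one), and reports groups below the 2048-bit minimum. The sample entries and the placeholder moduli are constructed and are not real safe primes.

```python
"""Audit OpenSSH DH group-exchange moduli for groups below a minimum size.

Constructed example; the line format is that of /etc/ssh/moduli:
  time type tests trials size generator modulus   (see moduli(5))
"""
from dataclasses import dataclass
from typing import List

DH_GRP_MIN = 2048  # minimum GEX prime size modern OpenSSH clients accept


@dataclass
class Modulus:
    size_field: int  # the "size" column exactly as written in the file
    bits: int        # actual bit length measured from the hex modulus
    generator: int


def parse_moduli(text: str) -> List[Modulus]:
    """Parse moduli(5) lines; comments, blanks and malformed rows are skipped."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 7:
            continue  # malformed entry: ignore rather than guess at a size
        _time, _type, _tests, _trials, size, gen, modulus = fields
        p = int(modulus, 16)
        out.append(Modulus(int(size), p.bit_length(), int(gen)))
    return out


def weak_groups(mods: List[Modulus], minimum: int = DH_GRP_MIN) -> List[Modulus]:
    """Groups a client enforcing `minimum` would refuse (the GEX failure above)."""
    return [m for m in mods if m.bits < minimum]


def _fake_modulus(bits: int) -> str:
    # Placeholder of the right length only; NOT a real safe prime.
    return format((1 << (bits - 1)) | 1, "x")


# Constructed sample file with the three sizes commonly shipped.
SAMPLE_MODULI = "\n".join([
    "# constructed sample, not a real moduli file",
    f"20160807000000 2 6 100 1023 2 {_fake_modulus(1024)}",
    f"20160807000000 2 6 100 2047 2 {_fake_modulus(2048)}",
    f"20160807000000 2 6 100 4095 5 {_fake_modulus(4096)}",
])

if __name__ == "__main__":
    for m in weak_groups(parse_moduli(SAMPLE_MODULI)):
        print(f"weak group: {m.bits}-bit (size column {m.size_field}), g={m.generator}")
```

Run against a real file with `parse_moduli(open("/etc/ssh/moduli").read())`; an empty result from `weak_groups` means the server cannot hand a 1024-bit group to a client during group exchange.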