From owner-svn-src-head@freebsd.org Sun Aug 7 18:52:41 2016 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 38574BB1F4F; Sun, 7 Aug 2016 18:52:41 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id ECB6E1EC5; Sun, 7 Aug 2016 18:52:40 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bWTBd-00015y-P2; Sun, 07 Aug 2016 21:52:37 +0300 Date: Sun, 7 Aug 2016 21:52:37 +0300 From: Slawa Olhovchenkov To: Andrey Chernov Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, Oliver Pinter , Bruce Simpson , Warner Losh , svn-src-head@freebsd.org, Dag-Erling =?utf-8?B?U23DuHJncmF2?= Subject: Re: svn commit: r303716 - head/crypto/openssh Message-ID: <20160807185237.GV8192@zxy.spb.ru> References: <7237f5e6-fd65-a7e5-7751-4ed1c464b39a@freebsd.org> <4D28752C-0584-4294-9250-FA88B0C6E805@bsdimp.com> <32b82f9f-7f78-6358-030a-90aed54bb8a8@freebsd.org> <0740b662-4a36-f834-229a-d16a5a6dde14@freebsd.org> <20160807173734.GD22212@zxy.spb.ru> <2dd7e952-ca28-57cb-ac8a-39d895b51d06@freebsd.org> <20160807182317.GE22212@zxy.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Aug 2016 18:52:41 -0000 On Sun, Aug 07, 2016 at 09:34:51PM +0300, Andrey Chernov wrote: > On 07.08.2016 21:23, Slawa Olhovchenkov wrote: > > On Sun, Aug 07, 2016 at 09:06:37PM +0300, Andrey Chernov wrote: > > > >> On 07.08.2016 20:43, Andrey Chernov wrote: > >>> On 07.08.2016 20:37, Slawa Olhovchenkov wrote: > >>>> On Sun, Aug 07, 2016 at 08:34:55PM +0300, Andrey Chernov wrote: > >>>> > >>>>> On 07.08.2016 20:31, Andrey Chernov wrote: > >>>>>> On 07.08.2016 19:14, Bruce Simpson wrote: > >>>>>>> On 07/08/16 15:40, Warner Losh wrote: > >>>>>>>> That’s a cop-out answer. We, as a project, need to articulate to our > >>>>>>>> users, whom we care about, why this rather obnoxious hit to usability > >>>>>>>> was taken. The answer must be more complete than “We just disabled > >>>>>>>> it because upstream disabled it for reasons we’re too lazy to explain > >>>>>>>> or document how to work around" > >>>>>>> > >>>>>>> Alcatel-Lucent OmniSwitch 6800 login broken (pfSense 2.3.2 which > >>>>>>> accepted the upstream change, workaround no-go) > >>>>>>> > >>>>>>> [2.3.2-RELEASE][root@gw.lab]/root: ssh -l admin > >>>>>>> -oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.1.XXX > >>>>>>> Fssh_ssh_dispatch_run_fatal: Connection to 192.168.1.XXX port 22: DH GEX > >>>>>>> group out of range > >>>>>>> > >>>>>> > >>>>>> DH prime size must be at least 2048, openssh now refuse lower values. > >>>>>> Commonly used DH size 1024 can be easily broken. See https://weakdh.org > >>>>>> > >>>>> diffie-hellman-group1-sha1 use DH 1024 and insecure sha1 both. > >>>> > >>>> IMHO, this is wrong choise: totaly lost of control now vs teoretical > >>>> compromise of control in the future. > >>> > >>> Please note that it was not my choice and I can't answer what to do with > >>> non-upgradeable hardware question, address it to the author. I just tell > >>> you _why_ it happens. > >>> > >> > >> BTW, compromise is practical enough. From https://weakdh.org/ "A close > >> reading of published NSA leaks shows that the agency's attacks on VPNs > >> are consistent with having achieved such a break." > > > > For this compromise need > > > > 1) NSA interesed to me > > This particular condition is not necessary, they can decrypt all traffic > with weak DH primes passed through main channels in USA and perhaps > partially in Europe (depends on mutual agreement), then find interesting > keywords to spy more closely afterwards. My interraction with weak devices don't cross EU/USA borders. I am assume Bruce's interraction with weak devices don't cross server room. Yes, I am know about 'security in depth'. But PCI-DSS don't be need at any places. > > 2) NSA must be able to access to weak device for traffic > > intercept > > > > This is imposible at this time. > > > > Also, if NSA can be able to intercept such traffic weak crypto will be > > last resort of my trouble. > > About the rest, I am not the person to argue with. Why you still not I am not convince you. I am also just talk my opinion (as you). > send your opinion to the author? > I am not sure about suitable response from autor. May be project [FreeBSD] choise some compromise. Last time I am have only two devices with weak crypto. One device can be accept only DES. Other accept only rsa/dss (if not hanged). I am able to create ssh client with support this weak ciphers for access to this devices. I am will be sad about causeless enforcing strong crypto.