From owner-freebsd-security Sun Nov 26 11:48:57 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cypherpunks.ai (cypherpunks.ai [209.88.68.47])
    by hub.freebsd.org (Postfix) with ESMTP id 9F00C37B479;
    Sun, 26 Nov 2000 11:48:54 -0800 (PST)
Received: from vangelderen.org (grolsch.ai [209.88.68.214])
    by cypherpunks.ai (Postfix) with ESMTP id B94DF51;
    Sun, 26 Nov 2000 15:48:49 -0400 (AST)
Message-ID: <3A216921.D2E9F772@vangelderen.org>
Date: Sun, 26 Nov 2000 15:48:49 -0400
From: "Jeroen C. van Gelderen"
X-Mailer: Mozilla 4.73 [en] (X11; I; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Kris Kennaway
Cc: "Brian F. Feldman", security@FreeBSD.ORG
Subject: Re: OpenSSH 2.3.0 pre-upgrade
References: <200011242328.eAONSJ560421@green.dyndns.org> <20001124153307.A71713@citusc17.usc.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Kris Kennaway wrote:
>
> On Fri, Nov 24, 2000 at 06:28:19PM -0500, Brian F. Feldman wrote:
>
> > What's new in this release? Mostly the adding of the AES (Rijndael) to the
> > SSH2 algorithms. Is anything now broken? Well, nothing new broken that I
>
> Doesn't that rely on AES support in OpenSSL?
>
> > There's some weird issue where for the Diffie-Hellman exchange, OpenSSH
> > wants primes but doesn't seem to want to generate them... it expects an
> > /etc/ssh/primes (which should become /var/run/ssh_primes, if anything) and I
> > have no clue where the program is that supposedly generates them. So, for
> > SSH2, the authentication stage generates a large warning and uses a
> > hardcoded prime. This should not actually have an effect on security,
> > though, according to my understanding of the Diffie-Hellman protocol.
>
> They're static - OpenBSD just committed the file with some good primes
> generated from OpenSSL, presumably.

You happen to know who came up with the non-standard extension
to the SSH2 protocol that allows these primes to be used??
I have not been paying much attention to the SSH list lately
but this mode of key exchange seems undocumented in the latest
set of drafts at:

  http://www.ietf.org/ids.by.wg/secsh.html

It seems prudent to not introduce OpenSSH proprietary features
in FreeBSD. Given the lack of documentation for this protocol
'feature' I'd suggest we disable it until documented in the
appropriate I-Ds or RFCs.

Cheers,
Jeroen
--
Jeroen C. van Gelderen - jeroen@vangelderen.org

"It is not utopian to work for a society without taxation; it is
utopian to think that the power to tax won't be abused once it is
granted." -- Murray N. Rothbard (1926-1995)