Closed robert-scheck closed 7 years ago
So I read the whole thread on that bug. Whew. Lots of "I'm not a cryptographer..." comments. But one that stands out for me is https://bugzilla.redhat.com/show_bug.cgi?id=1010607#c42, who is a cryptographer and says he is not convinced there is a problem.
We are worried about denial of service attacks with 65Kbit modulii. We are not interested in changing it now, as well feel ECDH is a better long-term approach. You can always compile your version of openssl with a -D
flag to set the number of bits. (Yes that might have interop issues, but since most implementations of ssh will not be rebuild/relinked, they will exist anyway,)
Sorry, closing this. If you want to re-open, please start a discussion on the openssl-dev mailing list, or perhaps another crypto-related list, to see if there's justfication.
I hereby would like to proxify https://bugzilla.redhat.com/show_bug.cgi?id=1062925 to upstream, given I did not find any issue for this (hopefully I'm not causing a duplicate):
Peter Backes 2014-02-08 14:27:48 EST
Peter Backes 2014-02-09 18:05:04 EST