krisFreeBSD.org

• Next message: Theo Bell: "Re: DOS atack of hardware problem?"
• Previous message: Palle Girgensohn: "telnet, SRA & preventing remote login as root?"
• Next in thread: Boris: "Re[2]: OpenSSH 2.3.0 pre-upgrade"
• Reply: Boris: "Re[2]: OpenSSH 2.3.0 pre-upgrade"
• Reply: Jeroen C. van Gelderen: "Re: OpenSSH 2.3.0 pre-upgrade"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Nov 24, 2000 at 06:28:19PM -0500, Brian F. Feldman wrote:

> What's new in this release? Mostly the adding of the AES (Rijndael) to the
> SSH2 algorithms. Is anything now broken? Well, nothing new broken that I

Doesn't that rely on AES support in OpenSSL?

> There's some weird issue where for the Diffie-Hellman exchange, OpenSSH
> wants primes but doesn't seem to want to generate them... it expects an
> /etc/ssh/primes (which should become /var/run/ssh_primes, if anything) and I
> have no clue where the program is that supposedly generates them. So, for
> SSH2, the authentication stage generates a large warning and uses a
> hardcoded prime. This should not actually have an affect on security,
> though, according to my understanding of the Diffie-Hellman protocol.

They're static - OpenBSD just committed the file with some good primes
generated from OpenSSL, presumably.

Kris

• application/pgp-signature attachment: stored

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Theo Bell: "Re: DOS atack of hardware problem?"
• Previous message: Palle Girgensohn: "telnet, SRA & preventing remote login as root?"
• Next in thread: Boris: "Re[2]: OpenSSH 2.3.0 pre-upgrade"
• Reply: Boris: "Re[2]: OpenSSH 2.3.0 pre-upgrade"
• Reply: Jeroen C. van Gelderen: "Re: OpenSSH 2.3.0 pre-upgrade"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]