On Saturday 05 of May 2012 20:03:04 Peter Lebbing wrote: > On 05/05/12 15:49, Hubert Kario wrote: > > As far as I know, OpenSSH uses DH parameters of the same size as the RSA > > keys: for 8k DH you need 8k RSA or (which is unmaintainable) manually > > force use of 8k DH. > > Okay, going out on a limb here, since all what I say is conjecture. > Actually consulting the SSH RFC's seems like too much work, or seems too > much like work :). > > I think it's rather the case that the size of the DH parameters is > proportional to the keysize of the symmetric algorithm used to secure > the SSH session, because the DH params are used to compute the session > key. So you are right that the DH params are proportional in size to a > key used, but you've confused the keys, asymmetric vs symmetric. That > way it makes sense to me.
The secret being exchanged is, of course, the random session key. Its size is related to size of subgroup in DH. But it's the size of prime used that sets the security level, which just happens to share security evaluation with RSA as far as number of bits is concerned (IOW: n-bit DH is considered to be as hard to attack as n-bit RSA). > If I look at the debug messages emitted by the OpenSSH client, I'm under > the impression that key exchange is already completed before > authentication with RSA starts. DH without authentication is useless (trivial to MITM). You need to authenticate the DH params you recieve from the other party before you do anything with them. Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users