diff options
| author | dtucker <dtucker> | 2013-10-09 23:32:39 +0000 |
|---|---|---|
| committer | dtucker <dtucker> | 2013-10-09 23:32:39 +0000 |
| commit | ab3e6632dd18a952545785d2c62e9e606cf85549 (patch) | |
| tree | deee58a116cc47592f802814d3c8cffd3591d957 | |
| parent | d64169e1bb4374a7d9d24e68d182a7e6f5f747b9 (diff) | |
| download | openssh-ab3e6632dd18a952545785d2c62e9e606cf85549.tar.gz | |
- dtucker@cvs.openbsd.org 2013/10/08 11:42:13
[dh.c dh.h]
Increase the size of the Diffie-Hellman groups requested for a each
symmetric key size. New values from NIST Special Publication 800-57 with
the upper limit specified by RFC4419. Pointed out by Peter Backes, ok
djm@.
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | dh.c | 17 | ||||
| -rw-r--r-- | dh.h | 3 |
3 files changed, 18 insertions, 8 deletions
@@ -21,6 +21,12 @@ [sshconnect.c] bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from swp AT swp.pp.ru; ok dtucker@ + - dtucker@cvs.openbsd.org 2013/10/08 11:42:13 + [dh.c dh.h] + Increase the size of the Diffie-Hellman groups requested for a each + symmetric key size. New values from NIST Special Publication 800-57 with + the upper limit specified by RFC4419. Pointed out by Peter Backes, ok + djm@. 20131009 - (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.51 2013/07/02 12:31:43 markus Exp $ */ +/* $OpenBSD: dh.c,v 1.52 2013/10/08 11:42:13 dtucker Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -352,17 +352,20 @@ dh_new_group14(void) /* * Estimates the group order for a Diffie-Hellman group that has an - * attack complexity approximately the same as O(2**bits). Estimate - * with: O(exp(1.9223 * (ln q)^(1/3) (ln ln q)^(2/3))) + * attack complexity approximately the same as O(2**bits). + * Values from NIST Special Publication 800-57: Recommendation for Key + * Management Part 1 (rev 3) limited by the recommended maximum value + * from RFC4419 section 3. */ int dh_estimate(int bits) { - + if (bits <= 112) + return 2048; if (bits <= 128) - return (1024); /* O(2**86) */ + return 3072; if (bits <= 192) - return (2048); /* O(2**116) */ - return (4096); /* O(2**156) */ + return 7680; + return 8192; } @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.h,v 1.10 2008/06/26 09:19:40 djm Exp $ */ +/* $OpenBSD: dh.h,v 1.11 2013/10/08 11:42:13 dtucker Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. @@ -43,6 +43,7 @@ int dh_pub_is_valid(DH *, BIGNUM *); int dh_estimate(int); +/* Min and max values from RFC4419. */ #define DH_GRP_MIN 1024 #define DH_GRP_MAX 8192 |