On 05/05/2012 08:03 PM, Peter Lebbing wrote:
> On 05/05/12 15:49, Hubert Kario wrote:
>> As far as I know, OpenSSH uses DH parameters of the same size as
>> the RSA keys: for 8k DH you need 8k RSA or (which is
>> unmaintainable) manually force use of 8k DH.
>
> Okay, going out on a limb here, since all that I say is
> conjecture. Actually consulting the SSH RFCs seems like too much
> work, or seems too much like work :).
>
> I think it's rather the case that the size of the DH parameters is
> proportional to the keysize of the symmetric algorithm used to
> secure the SSH session, because the DH params are used to compute
> the session key. So you are right that the DH params are
> proportional in size to a key used, but you've confused the keys,
> asymmetric vs symmetric. That way it makes sense to me.
>
> If I look at the debug messages emitted by the OpenSSH client, I'm
> under the impression that key exchange is already completed before
> authentication with RSA starts.

Hm, shouldn't authentication happen before exchanging the key for the symmetric part of encryption during the SSH session?

> Peter.

Regards,
Milo