[Cryptography] DH non-prime kills "socat" command security
Ray Dillinger
bear at sonic.net
Wed Feb 10 17:44:34 EST 2016
On 02/10/2016 01:20 AM, William Allen Simpson wrote:
> Which is why all responsible OS vendors ship /etc/moduli -- and
> better OS vendors generate and validate their own for every release,
> so that we aren't stuck with stale parameters.
Isn't it more reasonable for /etc/cron/daily to generate the file
( which is /etc/ssh/moduli on most unices )?
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160210/09084e6a/attachment.sig>
More information about the cryptography
mailing list