[GTALUG] dh key exchange question.

Christopher Browne cbbrowne at gmail.com
Tue Oct 2 17:06:36 EDT 2018


On Tue, 2 Oct 2018 at 16:30, Karen Lewellen via talk <talk at gtalug.org> wrote:
> Hi Mike,
> Thanks for that information.
> I would feel better though if the same problem was not happening
> practically everywhere else.
> I can check my list, I believe, but imagine it will take someone skilled
> in compiling to update anything.
> Meaning I will need to either find that skill, or move our office hosting
> services somewhere equal to dreamhost but less paranoid.
> Thanks again,

Unfortunately, I suspect that "less paranoid" isn't the right answer.

Older algorithms (and variants) are being deprecated because weaknesses
have been found in them.

In this particular case, the "group 1" Diffie-Hellman algorithm was discovered
to be vulnerable to a particular class of attacks called "Logjam".
https://weakdh.org/
That web site points to some of the research work from 2015.

OpenSSH documentation references this:
https://www.openssh.com/legacy.html

They describe the opposite scenario to what you are experiencing; they
indicate the situation where a server is willing to accept
diffie-hellman-group1-sha1, where the client, being on a newer version
of OpenSSH, refuses to offer that.  If that was the situation you were
experiencing, you could change the configuration of your SSH client to
accept lower-grade forms of encryption.

Unfortunately, for your purposes, it appears likely that what has
happened is that dreamhost has upgraded to a more recent version of
OpenSSH, and has taken the recommendation by the developers that
deprecated algorithms should not be accepted.  In principle, dreamhost
could change their OpenSSH configuration to accept use of
diffie-hellman-group1-sha1, but I expect that they would be reluctant
to do this.

I work in an area where we have a lot of Java-based applications; we
wind up having regular efforts to ensure that applications are ported
to newer versions of Java for much the same reason, because the older
crypto algorithms supported by SSL libraries are being deprecated
because weaknesses have been found.  It's not good enough to suppress
paranoia; organizations that ignore the weaknesses wind up getting
bitten by attackers that use these weaknesses to steal data, often
including users' passwords.  It's really no fun to need to announce
that all the customers need to change their passwords because they
have gotten stolen.

I appreciate that it may be challenging to keep up with the
cryptographic "arms race"; unfortunately, the world is a sufficiently
hostile place that there seems to be no way around this.  You need to
be prepared to update your ssh keys often enough to keep up with
changes in SSH.

Feel sorry for those using SSL for web server applications; Giles Orr
did a talk a few months back that made it clear that keeping up with
crypto changes is a messy and thankless task.
-- 
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"
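
As an added example (not part of Christopher's message, and not code from the OpenSSH project or from dreamhost), here are the two configuration moves this thread circles around, in POSIX shell: the client-side stopgap of re-enabling diffie-hellman-group1-sha1 for a single host, and the server-side Logjam mitigation of dropping small groups from /etc/ssh/moduli. The hostname "legacy.example.com" and the moduli lines are constructed placeholders; the 2000-bit threshold follows the weakdh.org sysadmin guidance.

```shell
#!/bin/sh
# Added example, not part of the original GTALUG message.
# Two sides of a dropped diffie-hellman-group1-sha1 exchange:
#   client: re-enable the legacy group for ONE host only (the workaround
#           described at https://www.openssh.com/legacy.html), never globally;
#   server: drop small Diffie-Hellman groups from /etc/ssh/moduli, the Logjam
#           mitigation recommended at https://weakdh.org/sysadmin.html
# "legacy.example.com" and the moduli lines below are constructed placeholders.

# Print an ssh_config stanza scoped to a single host. The leading '+' appends
# the old method to the client's default KexAlgorithms list instead of
# replacing it, so every other host still negotiates modern groups.
# Check the effective result with:
#   ssh -G legacy.example.com | grep -i kexalgorithms
legacy_kex_stanza() {
    printf 'Host %s\n    KexAlgorithms +diffie-hellman-group1-sha1\n' "$1"
}

# Filter stdin in /etc/ssh/moduli format, keeping comment lines and any
# group whose size field ($5, index of the highest bit, so 2047 means a
# 2048-bit modulus) exceeds the given threshold. weakdh.org uses 2000,
# which drops the 1024-bit and 1536-bit groups Logjam-class attacks target.
filter_moduli() {
    awk -v min="$1" '/^#/ { print; next } $5 > min { print }'
}

# Constructed sample in the moduli layout (time type tests tries size
# generator modulus); real modulus fields are hundreds of hex digits.
SAMPLE_MODULI='# Time Type Tests Tries Size Generator Modulus
20150520000000 2 6 100 1023 2 CONSTRUCTED_1024_BIT_GROUP
20150520000001 2 6 100 1535 5 CONSTRUCTED_1536_BIT_GROUP
20150520000002 2 6 100 2047 2 CONSTRUCTED_2048_BIT_GROUP
20150520000003 2 6 100 4095 5 CONSTRUCTED_4096_BIT_GROUP'

# Number of groups in the sample that survive the filter (comments excluded).
count_strong_groups() {
    printf '%s\n' "$SAMPLE_MODULI" | filter_moduli "$1" | grep -c '^[0-9]'
}

# Demo when run directly.
legacy_kex_stanza legacy.example.com
echo "strong groups kept: $(count_strong_groups 2000)"
# On a real server, write the filtered file beside the original and swap it
# in after backing up (the server needs a restart to pick it up):
#   awk '/^#/ || $5 > 2000' /etc/ssh/moduli > /etc/ssh/moduli.strong
```

The '+' form of KexAlgorithms needs OpenSSH 7.0 or later on the client; older clients have to spell out the full list. Keep the stanza inside a Host block so the weak group is offered only to the one server that still requires it, and treat it as a bridge until that server is updated, not as a permanent setting.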

