Imperfect Forward Secrecy: 1024-bit DH attack #57
Description
Hi,
after reading about the recent DH attack I was wondering if we should change the default key exchange methods for this module. I know that we could still use DH using parameters of at least of 2048-bit but I'm worried that most of the sysadmins will not do it.
I also like the idea of this module that provide an hardened ssh config with a simple
include ::modulename
I don't think we should add: "...BUT in case you use DH kex methods this is not valid anymore if you use DH parameters < 2048bit"
Ref:
https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH
https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/
https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf