Increase the size of the Diffie-Hellman groups requested for a each symmetric

key size.  New values from NIST Special Publication 800-57 with the upper
limit specified by RFC4419.  Pointed out by Peter Backes, ok djm@.

1 files changed, 10 insertions, 7 deletions

diff --git a/usr.bin/ssh/dh.c b/usr.bin/ssh/dh.c
index e94572de1c6..98f0fde2f05 100644
--- a/usr.bin/ssh/dh.c
+++ b/usr.bin/ssh/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.51 2013/07/02 12:31:43 markus Exp $ */
+/* $OpenBSD: dh.c,v 1.52 2013/10/08 11:42:13 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -349,17 +349,20 @@ dh_new_group14(void)
 
 /*
  * Estimates the group order for a Diffie-Hellman group that has an
- * attack complexity approximately the same as O(2**bits).  Estimate
- * with:  O(exp(1.9223 * (ln q)^(1/3) (ln ln q)^(2/3)))
+ * attack complexity approximately the same as O(2**bits).
+ * Values from NIST Special Publication 800-57: Recommendation for Key
+ * Management Part 1 (rev 3) limited by the recommended maximum value
+ * from RFC4419 section 3.
  */
 
 int
 dh_estimate(int bits)
 {
-
+	if (bits <= 112)
+		return 2048;
 	if (bits <= 128)
-		return (1024);	/* O(2**86) */
+		return 3072;
 	if (bits <= 192)
-		return (2048);	/* O(2**116) */
-	return (4096);		/* O(2**156) */
+		return 7680;
+	return 8192;
 }