PuTTY wish rfc8268-dh-groups

This is a mirror. Follow this link to find the primary PuTTY web site.

summary: Support larger fixed Diffie-Hellman groups specified in RFC 8268
class: wish: This is a request for an enhancement.
fixed-in: 031d86ed5ba4dd4f7b61af483a20f48f7811f2ab (0.78)

RFC 8268 defines a new set of Diffie-Hellman key exchange methods for use in SSH, using fixed prime moduli larger than the previous fixed ones, and SHA-512 as the hash function:

diffie-hellman-group18-sha512 (8192 bits)
diffie-hellman-group17-sha512 (6144 bits)
diffie-hellman-group16-sha512 (4096 bits)
diffie-hellman-group15-sha512 (3072 bits)

For comparison, the older fixed groups used in key exchange were group14 at 2048 bits (used with SHA-256 and SHA-1), and the original SSH-2 specification's group1 at 1024 bits (used with SHA-1).

PuTTY now supports all of these key exchange methods, for both basic SSH key exchange and GSS-API key exchange.

If you want to comment on this web site, see the Feedback page.

Audit trail for this wish.

(last revision of this bug record was at 2022-09-11 23:46:37 +0100)