Subject: Re: really really obsolete etc/moduli
To: William Allen Simpson <wsimpson@greendragon.com>
From: Seth Kurtzberg <seth@amethyst.cql.com>
List: tech-security
Date: 01/15/2005 00:22:17

On Fri, 2005-01-14 at 22:13, William Allen Simpson wrote:
> Generally, the idea is that each system release have a new moduli file.
> 
> The 1024-bit moduli (most commonly used) should be replaced regularly,
> probably on the order of every year, but could be needed more often. 
> Perry Metzger claimed there was going to be an analysis paper on it,
> but I've not seen it.
> 
> About 15 months ago, I submitted a replacement
>   http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=23076
> 
> OpenSSH replaced theirs 12 months ago (currently 1.2).
> 
> NetBSD has not updated from OpenSSH (still using one going on 5 years
> old), nor used those I specially generated for you.
> 
> I'd be willing to guess that you've shipped 2.0 with moduli that have
> long since been cracked by most major governments, and possibly major
> corporations.  Why?

Not to mention anyone with access to a couple of dozen machines for a
parallel brute force attack.
-- 
Seth Kurtzberg
CQL.com
480-620-1099

CQL - The smallest footprint SQL engine for embedded applications, with
full transactional semantics, serializability, and guaranteed recovery
to the last committed transaction.
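
A defender-side check for the staleness discussed in this thread, as an added example that is not part of either message or of NetBSD's or OpenSSH's code: it parses text in the seven-field moduli(5) layout, groups entries by the actual bit length of each modulus, and flags sizes whose newest entry is older than a threshold. The function name, the 365-day default (taken from the "every year" suggestion quoted above) and the sample lines are assumptions; the sample moduli are constructed filler for parsing, not real primes.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in moduli(5) layout:
#   timestamp type tests trials size generator modulus(hex)
# The hex values are filler with the right bit length, not real primes.
SAMPLE = """\
# constructed sample, not a real moduli file
20000101000000 2 6 100 1023 2 C{z1024}
20000101000500 2 6 100 1023 5 D{z1024}
20040801120000 2 6 100 2047 2 E{z2048}
this line is malformed
""".format(z1024="0" * 255, z2048="0" * 511)


def audit_moduli(text, now, max_age=timedelta(days=365)):
    """Return ({bits: {count, newest, stale}}, skipped_line_count)."""
    groups = defaultdict(list)
    skipped = 0
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        try:
            if len(fields) != 7:
                raise ValueError("expected 7 fields")
            stamp = datetime.strptime(fields[0], "%Y%m%d%H%M%S")
            # Measure the modulus itself instead of trusting the size column.
            bits = int(fields[6], 16).bit_length()
        except ValueError:
            skipped += 1  # count malformed lines instead of hiding them
            continue
        groups[bits].append(stamp)
    report = {}
    for bits, stamps in sorted(groups.items()):
        newest = max(stamps)
        report[bits] = {"count": len(stamps), "newest": newest,
                        "stale": now - newest > max_age}
    return report, skipped


if __name__ == "__main__":
    report, skipped = audit_moduli(SAMPLE, datetime(2005, 1, 15))
    for bits, info in report.items():
        state = "STALE" if info["stale"] else "ok"
        print(f"{bits}-bit: {info['count']} entries, "
              f"newest {info['newest']:%Y-%m-%d}, {state}")
    print(f"skipped lines: {skipped}")
```

To audit a real file, pass its contents and `datetime.now()` in place of the constructed sample and fixed date.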