Merge pull request #114 from bantu/fix-weak-ssh-dh-keys

Fix weak ssh dh keys
2024-12-12 09:09:39 +01:00 · 2013-06-05 21:57:15 -07:00 · 2013-06-05 21:57:15 -07:00 · e25ae8c4f4
commit e25ae8c4f4
parent 6c4b0cb833 1733c3366c
1 changed files with 3 additions and 3 deletions
--- a/phpseclib/Net/SSH2.php
+++ b/phpseclib/Net/SSH2.php
@ -1166,7 +1166,7 @@ class Net_SSH2 {
                                  '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . 
                                  '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . 
                                  'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF');
-                $keyLength = $keyLength < 160 ? $keyLength : 160;
+                $keyLength = $keyLength < 20 ? $keyLength : 20;
                $hash = 'sha1';
                break;
            // see http://tools.ietf.org/html/rfc3526#section-3
@ -1179,7 +1179,7 @@ class Net_SSH2 {
                                  '9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' . 
                                  'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718' . 
                                  '3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF');
-                $keyLength = $keyLength < 160 ? $keyLength : 160;
+                $keyLength = $keyLength < 20 ? $keyLength : 20;
                $hash = 'sha1';
        }

@ -1194,7 +1194,7 @@ class Net_SSH2 {

           -- http://tools.ietf.org/html/rfc4419#section-6.2 */
        $q = new Math_BigInteger(1);
-        $q = $q->bitwise_leftShift(2 * $keyLength);
+        $q = $q->bitwise_leftShift(16 * $keyLength); // 2 * 8 * $keyLength
        $q = $q->subtract(new Math_BigInteger(1));

        $g = new Math_BigInteger(2);