Slide 21
Slide 21 text
Efficacy
Trustworthiness damaged by multiple vulnerabilities, both
implementation and protocol
(Heartbleed, POODLE, FREAK, LogJam)
Selection of ciphersuite of paramount importance
ECDHE defeats all known crypto attacks
Ultra paranoid? Replace Diffie Hellman group parameters, and/or
only use >= 2048 bit primes
awk '$5 > 2000' /etc/ssh/moduli > new_moduli && mv
new_moduli /etc/ssh/moduli
See weakdh.org