[Bug 1469] Should sshd detect and reject vulnerable SSH keys (re: Debian DSA-1571 and DSA-1576)

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sun May 25 06:35:25 EST 2008


https://bugzilla.mindrot.org/show_bug.cgi?id=1469


Alex Howells <alex.howells at 0wn3d.us> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |alex.howells at 0wn3d.us




--- Comment #1 from Alex Howells <alex.howells at 0wn3d.us>  2008-05-25 06:35:22 ---
I think there is a considerable disadvantage to the implementation of
this feature: users are liable assume any vulnerable key will be
detected and rejected, which is likely a false assumption :(

What certain distributions are including is not a complete list, their
utilities/patches seem to analyze the first 80-84 bits of a fingerprint
-- this is liable to give false positives, and the inclusive blacklists
only cover the most basic permutations of key, a la;

    1024-bit DSA
    768-bit RSA
    1024-bit RSA
    2048-bit RSA

As far as I am aware they don't cover 4096-bit RSA, and any user who
had generated with `ssh-keygen -b 8150 -t rsa` would not be blocked.

I think this might be a feature which needs to be maintained
externally. That way there can be good documentation showing what
permutations would be detected and users are less liable to make nasty
assumptions... Perhaps another good reason to not include this is the
'bloat factor'? It'd probably make releases considerably larger?

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list