[Bug 3960] New: Additional Format Blindness for EC

[bugzilla-daemon at mindrot.org]

https://bugzilla.mindrot.org/show_bug.cgi?id=3960

            Bug ID: 3960
           Summary: Additional Format Blindness for EC
           Product: Portable OpenSSH
           Version: 10.3p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: ralph.bariz at pm.me

Problem:
Current SSH Key passwords are easily brute force able since every
result can be validated locally. This not only endangers the private
key but also the password. For RSA this was no topic due to prime
characteristics which allow to validate key locally. For EC each wrong
password could result in a valid looking seed why security could be
drastically improved by design.

Proposal:
Introduce a new key option with following behavior:
- Generated Key format is an always valid byte array.
- Public key never is stored alongside private key but always
regenerated.
- Explicit key selection at authentication required when such keys are
available.
- As with password login itself an attempt is always validated against
the server.

Consequences:
- GPU brute force is impossible since all solutions are valid.
- Server security hits (limits, throttle, ban).
- Yes it is inconvenient, but old format could still be used.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.