corrupt client keys question

Pete Flugstad peteflugstad at mchsi.com
Sat Nov 15 01:34:16 EST 2003


Dan Kaminsky wrote:
 > Been investigating this.  Preliminary evidence -- yup, keys can be
 > corrupted pretty heavily, and still result in a successful login.

Well, at least I'm not losing my mind :-).

 > Attached is a set of example keys,  bounced around quite heavily.  It
 > appears certain bytes flat out do not affect the calculation, i.e. no
 > matter what I put in there, the key still works.
 >
 > I'm actually not worried, yet -- my suspicion is that OpenSSL throws
 > some extra bits into its saved keys, and that's what I'm corrupting.

My problem is this: if the numbers are messed up enough that "openssl 
rsa -check" sees that they are mathematically messed up, then how does 
this generate a valid authentication to the server?

Pete




More information about the openssh-unix-dev mailing list