corrupt client keys question
Pete Flugstad
peteflugstad at mchsi.com
Sat Nov 15 01:34:16 EST 2003
Dan Kaminsky wrote:
> Been investigating this. Preliminary evidence -- yup, keys can be
> corrupted pretty heavily, and still result in a successful login.
Well, at least I'm not losing my mind :-).
> Attached is a set of example keys, bounced around quite heavily. It
> appears certain bytes flat out do not affect the calculation, i.e. no
> matter what I put in there, the key still works.
>
> I'm actually not worried, yet -- my suspicion is that OpenSSL throws
> some extra bits into its saved keys, and that's what I'm corrupting.
My problem is this: if the numbers are messed up enough that "openssl
rsa -check" sees that they are mathematically messed up, then how does
this generate a valid authentication to the server?
Pete
More information about the openssh-unix-dev
mailing list