OpenSSH daemon security bug?

Wed Jan 6 10:08:04 EST 2010

The below one has been a good technical analysis taking into account the human 
factor too. Thanks!

Jamie Beverly wrote:
> ----- Original Message ----
>
> > From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
> > To: openssh-unix-dev at mindrot.org
> > Sent: Tue, January 5, 2010 9:25:26 AM
> > Subject: Re: OpenSSH daemon security bug?
> >
> > On 01/05/2010 10:21 AM, Mark Janssen wrote:
> > > On Tue, Jan 5, 2010 at 4:01 PM, Davi Diaz wrote:
> > >> co-worker wrote:
> > >>> I am all for encouraging key-based logins, but I think disabling
> > >>> password logins completely actually reduces security.
> > >
> > > I must agree here, while keys are better then passwords, it's
> > > impossible to enforce passphrase quality on keys, while it is possible
> > > to enforce some quality on passwords.
> >
> > i don't think you're comparing the same thing, though.  You can make
> > sure it's a really really strong password, but it's still *not* possible
> > to enforce that your users keep their password safe.
> >
> > If you're worried that your users might leave an unprotected key lying
> > around, you should *also* be worried that those same users might send
> > their password via e-mail (even if it's just "to themselves as a
> > reminder"), or write it in a cleartext file on their computer, reuse it
> > for their amazon account, for their blog, etc.
> >
> > At some level, you have to trust your users if they're going to use your
> > system.  And have good backups, easy recovery, and regular user
> > education about good practices, of course ;)
> >
> >     --dkg
>
> More to the point, password authentication is fundamentally less secure
> than ssh public key authentication. The comparisons being made here are
> seemingly getting hung up on the word "password", and supposing that the
> weakness of one password is the same as the weakness of another. They are
> not.
>
> The password on a private key helps to protect that private key from being
> stolen. However, the most often exploited, and hence far greater risks are
> brute-force/dictionary attacks and password interception.
>
> Even a passwordless private key has between 768-4096 bits of entropy, which
> is roughly equivalent to a human-remembered passphrase of between
> 2000-10,000 characters. Good luck enforcing that password policy!
>
> And as to interception, private key exchanges never actually send the
> private key on the wire, instead they rely on a challenge/response using a
> randomly generated number. (essentially a packet containing a random number
> is encrypted to a public key, and that encrypted message is sent as the
> challenge; the client is then forced to decrypt that message to prove that
> it can decipher that number; if it helps by way of analogy, its like
> sending somebody a GPG encrypted email and then having them prove they have
> the key that can decrypt it)
>
> As dkg points out, you have to trust your users not to do stupid things,
> and more often than not, continue to find yourself disappointed when they
> do in fact, do stupid things. That said, there is NO case where password
> authentication is MORE, or even nearly AS secure as private key
> authentication. Public key authentication mitigates more risk. Period.