Regarding Pubkey Enumeration

Damien Miller djm at mindrot.org
Sat Jan 21 09:04:12 EST 2012


On Fri, 20 Jan 2012, Dan Kaminsky wrote:

> 
> On Jan 20, 2012, at 4:43 PM, Damien Miller <djm at mindrot.org> wrote:
> 
> > On Fri, 20 Jan 2012, Dan Kaminsky wrote:
> > 
> >> Eh, you wouldn't support a feature that only displayed a password prompt if the username was valid.  Same thing, very similar experience even.
> > 
> > It isn't the same thing at all. Usernames are short, low-entropy and highly
> > common between systems. Public keys are none of these.
> > 
>
> HD is raiding authorized_keys files to successfully get around this
> limitation -- there's a reason we call them public keys. Also the very
> fact that public keys are only conditionally common between systems is
> an issue, as it's strongly deanonymizing nodes.

If you have popped an account, then there are myriad sources of data
that you can use to determined linked hosts (known_hosts, lastlog, shell
history, [uw]tmp, etc.).

> It's the same UI to type in a password vs. a pass phrase, and we don't
> bypass the former just because there's no value that could work. It's
> odd indeed for public key security to be visibly weaker than password.

That's because it isn't by any normal definition. The most you've shown
is that, given a public key that is never transmitted in the clear by
SSH, you can test hosts to find where its private half might be accepted.
I'm struggling to see why this is interesting.

-d



More information about the openssh-unix-dev mailing list