Legacy option for key length?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Dec 30 10:16:53 AEDT 2017


On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote:
> Why not make minimum key length a tunable, just as the other options are?

Because the goal of building secure software is to make it easy to
answer the question "are you using it securely?"

you note that modern browsers (which do try to take security seriously,
despite their vast attack surface) have the same "problem" as the modern
OpenSSH ssh client does.

If you're responsible for those ADC devices, you should probably take
one of these avenues:

 a) ask the vendor to release an upgrade to their firmware so that
    you're not tied to their ancient (likely buggy) version.

 b) ask the vendor to open their specs and upgrade channels so that
    someone else could update their firmware

 c) configure the devices to offer a non-secure protocol (e.g. telnet),
    that never claims to be secure, if you're confident in the rest of
    your network perimeter security

 d) remove the devices and replace them with something that is actually
    well-supported.

> Perhaps if you're dead-set on this being so dangerous,

It's not the developers who are dead-set on weak-keyed RSA being
insecure, it's the cryptanalysts who have shown that to be the case :)

> you could make it so that you could specify a command-line option to
> accept a lower value one time, but you're perhaps not able to override
> it via the config.

For your own purposes, you can of course always compile old versions of
code to do terrible things, and you can recompile free software with
patches to make it do terrible things.

But please don't ask to make it easier for free software to do terrible
things to *other* people.  That way lies things like the TLS "Export"
cipher suites, which are mistakes we are *still* paying for, decades
after their introduction.

If OpenSSH introduces this option, i'm sure we'll soon see it on stack
exchange as "how do i get ssh to work in condition $X?", at which point
the option or command-line argument will be copy/pasted into far more
places than it should be.

Please, don't make it easy to weaken this already-too-weak baseline.

All the best,

      --dkg
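A defender-side check for the inventory question this thread raises (which hosts still present an RSA host key below a chosen minimum), added here as an example that is not from the thread or from OpenSSH itself. It parses the "ssh-rsa" wire format inside ssh-keyscan or known_hosts style rows and reports the modulus size; MIN_RSA_BITS, the helper names and the sample rows are assumptions constructed for the example.

```python
import base64
import struct

# Policy threshold for this example (an assumption, not a figure from the thread).
MIN_RSA_BITS = 2048

def _read_string(blob, offset):
    """Read one SSH wire-format string: uint32 big-endian length, then the bytes."""
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start = offset + 4
    return blob[start:start + length], start + length

def _mpint(value):
    """Encode a non-negative int as an SSH mpint (extra 0x00 byte when the high bit is set)."""
    raw = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return struct.pack(">I", len(raw)) + raw

def rsa_modulus_bits(line):
    """Bit length of the modulus in one ssh-keyscan / known_hosts row carrying an
    'ssh-rsa' key; None for comment lines and for other key types."""
    fields = line.split()
    if not fields or fields[0].startswith("#") or "ssh-rsa" not in fields:
        return None
    blob = base64.b64decode(fields[fields.index("ssh-rsa") + 1])
    key_type, offset = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        return None
    _exponent, offset = _read_string(blob, offset)  # e; not needed for the size check
    modulus, _ = _read_string(blob, offset)         # n, big-endian; a leading 0x00 is harmless
    return int.from_bytes(modulus, "big").bit_length()

def weak_rsa_hosts(lines, min_bits=MIN_RSA_BITS):
    """[(host, bits)] for every RSA host key in the rows whose modulus is below min_bits."""
    weak = []
    for line in lines:
        bits = rsa_modulus_bits(line)
        if bits is not None and bits < min_bits:
            weak.append((line.split()[0], bits))
    return weak

def make_rsa_key_line(host, modulus, exponent=65537):
    """Build a constructed ssh-keyscan-style row. The modulus is only a number of the
    wanted size, not a real RSA key, which is all the size check looks at."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(exponent) + _mpint(modulus)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

# Constructed sample inventory: one legacy device with a 768-bit key, one sane host,
# plus a non-RSA row (placeholder blob; the type filter skips it before decoding).
SAMPLE_SCAN = [
    "# legacy-adc:22 SSH-2.0-vendor-firmware",
    make_rsa_key_line("legacy-adc", (1 << 767) | 1),
    make_rsa_key_line("jumphost", (1 << 2047) | 1),
    "jumphost ssh-ed25519 PLACEHOLDER_BLOB",
]

if __name__ == "__main__":
    for host, bits in weak_rsa_hosts(SAMPLE_SCAN):
        print(f"{host}: {bits}-bit RSA host key is below {MIN_RSA_BITS} bits")
```

Feed it the real output of ssh-keyscan -t rsa over your host list to get the list of devices that would fall under option (a), (b) or (d) above.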