[Bug 1469] Should sshd detect and reject vulnerable SSH keys (re: Debian DSA-1571 and DSA-1576)
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sun May 25 06:35:25 EST 2008
https://bugzilla.mindrot.org/show_bug.cgi?id=1469
Alex Howells <alex.howells at 0wn3d.us> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |alex.howells at 0wn3d.us
--- Comment #1 from Alex Howells <alex.howells at 0wn3d.us> 2008-05-25 06:35:22 ---
I think there is a considerable disadvantage to the implementation of
this feature: users are liable assume any vulnerable key will be
detected and rejected, which is likely a false assumption :(
What certain distributions are including is not a complete list, their
utilities/patches seem to analyze the first 80-84 bits of a fingerprint
-- this is liable to give false positives, and the inclusive blacklists
only cover the most basic permutations of key, a la;
1024-bit DSA
768-bit RSA
1024-bit RSA
2048-bit RSA
As far as I am aware they don't cover 4096-bit RSA, and any user who
had generated with `ssh-keygen -b 8150 -t rsa` would not be blocked.
I think this might be a feature which needs to be maintained
externally. That way there can be good documentation showing what
permutations would be detected and users are less liable to make nasty
assumptions... Perhaps another good reason to not include this is the
'bloat factor'? It'd probably make releases considerably larger?
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list