[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)

On Fri, May 16, 2008 at 05:26:09PM +0200, nicolas vigier wrote:
If I understand correctly, it means that if you use a good key with a
flawed openssl to connect to an other host using that key, then that
key can be considered compromised.

If I have a DSA key, and the client (my machine) has a bad OpenSSL, then
I have exposed my secret key.  This is because I generate the random
data on the client.

But what about using a good key on a host with a good openssl, to
connect to a server which use a bad openssl ?

Since the random data is generated on the client, I have not exposed my
key.  However, if Diffie-Hellman key exchange is used, the session key
is probably insecure, and thus it is easy to sniff the messages.

Note that this only applies to DSA.  RSA keys only use random data to
pad the signature (such as in PKCS #1), and so it is much less likely
that you have exposed the secret key.  (For the unlikely situation that
you have, see "Low Encryption Exponent Attack against RSA", Applied
Cryptography, p.472).

brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply to: