
Re: Accepted openssh-blacklist 0.3 (source all)


On Wed, May 21, 2008 at 05:42:43AM -0400, Simon Valiquette wrote:
> Kees Cook once wrote:
>> On Wed, May 21, 2008 at 07:07:34AM +0200, Vincent Bernat wrote:
>> I could be mistaken, but prior to openssl breaking, ssh-keygen stopped
>> allowing dsa 2048 keys, which means there wasn't a way to generate bad
>> ones:
>   It didn't before. At least not directly from ssh-keygen.
>   It is so because it won't be standard compliant (the standard specifies
> that DSA must be 1024 bits).  I don't know if OpenSSH will accept longer
> key lengths (some implementations will certainly refuse it).
>   Personally, in situations when I really care, I like to simply disable
> DSA from sshd_config and remove the shorter key from /etc/ssh/

Sure, I think that's the best overall solution.  :)

>> $ ssh-keygen -t dsa -b 2048
>> DSA keys must be 1024 bits
>   I think it is possible to generate them with openssl.
>   It is normally used to generate X.509 certificates, but I think you can
> also get it to generate keys in the proper format for SSH.  In any case,
> it can generate 2048-bit DSA keys or even longer ones if needed.

Right, of course.  However, due to their different paths to generate
keys, ssh-keygen and openssl generate different keys for the same pid,
type, size, arch.  So, for the case of openssh-blacklist, there's no
such thing as a "bad" DSA-2048 ssh key.  (Certainly there are bad
openssl DSA-2048 keys, but they are different.)


Kees Cook                                            @outflux.net
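As an added example, not part of this thread or of openssh-blacklist: a small Python audit that reads authorized_keys lines, decodes the RFC 4253 public key blob and reports each ssh-dss key's actual size, so DSA keys can be found and removed as suggested above, and a DSA key that is not 1024 bits (one ssh-keygen would have refused to make, so it came from another generator such as openssl) stands out. The sample lines and the numbers inside them are constructed, not real key material.

```python
import base64
import struct

def _read_string(blob, off):  # RFC 4253 string: uint32 length, then bytes
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n

def dsa_bits(blob):
    """Bit length of p for an ssh-dss blob (string type, mpints p,q,g,y); None otherwise."""
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-dss":
        return None
    p, _ = _read_string(blob, off)
    return int.from_bytes(p, "big").bit_length()

def audit_keys(text):
    """One (type, dsa_bits, comment) per "[options] <type> <base64> [comment]" line.
    Any ssh-dss entry is a removal candidate; dsa_bits != 1024 means ssh-keygen
    could not have produced it, so it came from another generator."""
    out = []
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        idx = next((i for i, f in enumerate(fields)
                    if f.startswith(("ssh-", "ecdsa-"))), None)
        if idx is None or idx + 1 >= len(fields):
            out.append(("unparsed", None, raw[:30]))
            continue
        blob = base64.b64decode(fields[idx + 1])
        out.append((fields[idx], dsa_bits(blob), " ".join(fields[idx + 2:])))
    return out

# Constructed sample input: synthetic numbers, not real key material.
def _string(b):
    return struct.pack(">I", len(b)) + b

def _mpint(n):  # big-endian, leading zero byte when the top bit is set
    return _string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def fake_dss_line(bits, comment):
    blob = _string(b"ssh-dss") + _mpint(1 << (bits - 1)) + _mpint(3) + _mpint(2) + _mpint(5)
    return "ssh-dss " + base64.b64encode(blob).decode() + " " + comment

SAMPLE = "\n".join([
    "# constructed authorized_keys",
    fake_dss_line(1024, "alice@laptop"),
    'command="/bin/false" ' + fake_dss_line(2048, "openssl-made"),
    "ssh-ed25519 " + base64.b64encode(_string(b"ssh-ed25519") + _string(b"\0" * 32)).decode() + " bob",
])
```

Run `audit_keys(SAMPLE)` (or point it at a real file's contents) to get one tuple per key; the ssh-dss entries are the ones to act on.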
