Dirk-Willem van Gulik wrote:
On May 19, 2008, at 3:15 PM, Florian Weimer wrote:* Dirk-Willem van Gulik:Working with the original and some indication as to what pid, platform, keylen endianness, and .rnd, is useful - as that way it is possible to understand, reconstruct, spotcheck or verify in-situ - rather than having to build trust without easy verify.It's also trivial to recover the key material. For obvious reasons, I want to avoid that.Given how trivial that is, and regardless, I'd rather see a focus on ensuring that the tools can be trusted, are absolutely complete and that such is relatively easy to verify.
This is good argument. When I was trying to secure my systems from weak SSH keys. I decided to use ssh-vulnkey and build blacklists by myself from work of H D Moore. I do not trust dowkd.pl script because it lacks info where keys were taken. It also reported 0 weak keys even if there were keys of rare length, I presume unknown to dowkd.pl. I agree that there is need to have tool which everyone can easy verify.
When attacker want to attack a host running SSH he have to try number keys and he even do not known if that host have some weak key installed.
With X509 certificates it's different. They are public, everyone can take my certificate. With X509 certificate in hands he can simply lookup database, pick private key and sign as if it was me. Scary. It's even worse because many software is lacking support for CRL. Including Thunderbird I'm using.
I realized that I did stupid mistake when I published PID used to create key. :( I removed old databases. And published new which contains openssl-blacklist compatible hash and Modulus. I hope this might help other people to create their blacklists but it doesn't reduce time needed for finding right key. That time is short anyway. To build my lists I need 3days of 2x Quad Core Intel processors. Such computation power can have everyone.
If Debian or Ubuntu Security teams are interested I can share private keys with them, but publishing them on web really isn't good idea.
Best regards -- ----------------------- Jan Tomasek aka Semik http://www.tomasek.cz/
Attachment:
signature.asc
Description: OpenPGP digital signature