Re: Accepted openssh 1:4.7p1-9 (source all i386)
On Tue, May 13, 2008 at 06:18:23PM -0400, Joey Hess wrote:
> I have a question about the key blacklist feature in this new release.
> What if ssh-keygen is run, and happens to generate a blacklisted key.
> Will it abort or print a warning or something like that? Should it?
> If ssh-keygen generates such a key today, openssl is broken. But if it
> happens a couple of years from now, you're probably just astronomically
> unlucky and the fixed openssl happened to still generate a key in the
> small set of weak keys. And in that hypothetical, the user probably
> doesn't know anything about what happened historically (today) and could
> be very puzzled that their shiny new key doesn't work.
Copying from my conversation with you on IRC today:
<cjwatson> I did wonder about that
<cjwatson> eventually I sort of figured that it was logically equivalent to ssh-keygen happening to generate a key that somebody else on the Internet already has
<cjwatson> and decided that it wasn't immediately worth worrying about
<joeyh> and yes
<cjwatson> but yeah, given that sshd honours the blacklist there's a decent argument that ssh-keygen might as well do so too
<joeyh> I'm more worried about 10 years from now, when we've forgotten all about this :-)
I think there's reasonable cause for a wishlist bug on openssh-client
about this (so I don't forget).
FWIW, though, I do plan to drop the dependency on openssh-blacklist
after a couple of years; eventually, it will stop being worth people's
while to try to compromise this, and then it really will be nearly
equivalent to happening to generate a key that somebody else owns. I'd
rather not have to carry the several-megabyte blacklist blob around
Colin Watson [firstname.lastname@example.org]