
Re: Accepted openssh 1:4.7p1-9 (source all i386)



On Tue, May 13, 2008 at 06:18:23PM -0400, Joey Hess wrote:
> I have a question about the key blacklist feature in this new release.
> What if ssh-keygen is run, and happens to generate a blacklisted key.
> Will it abort or print a warning or something like that? Should it?
> 
> If ssh-keygen generates such a key today, openssl is broken. But if it
> happens a couple of years from now, you're probably just astronomically
> unlucky and the fixed openssl happened to still generate a key in the
> small set of weak keys. And in that hypothetical, the user probably
> doesn't know anything about what happened historically (today) and could
> be very puzzled that their shiny new key doesn't work.

Copying from my conversation with you on IRC today:

  <cjwatson> I did wonder about that
  <cjwatson> eventually I sort of figured that it was logically equivalent to ssh-keygen happening to generate a key that somebody else on the Internet already has
  <cjwatson> and decided that it wasn't immediately worth worrying about
  <joeyh> yes
  <joeyh> and yes
  <cjwatson> but yeah, given that sshd honours the blacklist there's a decent argument that ssh-keygen might as well do so too
  <joeyh> I'm more worried about 10 years from now, when we've forgotten all about this :-)

I think there's reasonable cause for a wishlist bug on openssh-client
about this (so I don't forget).

FWIW, though, I do plan to drop the dependency on openssh-blacklist
after a couple of years; eventually, it will stop being worth people's
while to try to compromise this, and then it really will be nearly
equivalent to happening to generate a key that somebody else owns. I'd
rather not have to carry the several-megabyte blacklist blob around
forever.

-- 
Colin Watson                                       [cjwatson@debian.org]
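
The post-generation check discussed above, written out as an added example
(this is not code from the message, from ssh-keygen, or from Debian's
openssh packages). It assumes the openssh-blacklist file layout as I
understand it: a comment header, then one 20-hex-digit line per key holding
the last 80 bits of the MD5 fingerprint of the raw key blob. The RSA keys
are toy blobs with tiny constructed moduli so the example runs offline; the
helper names (rsa_pubkey_line, check_new_key, ...) are mine.

```python
import base64
import hashlib
import struct


def ssh_string(b: bytes) -> bytes:
    """RFC 4251 string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def mpint(n: int) -> bytes:
    """RFC 4251 mpint for a non-negative integer (leading zero byte if high bit set)."""
    if n == 0:
        return struct.pack(">I", 0)
    raw = n.to_bytes((n.bit_length() + 8) // 8, "big")
    return struct.pack(">I", len(raw)) + raw


def rsa_pubkey_line(e: int, n: int, comment: str) -> str:
    """Build an id_rsa.pub style line ('ssh-rsa <base64 blob> comment') for a toy key."""
    blob = ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


def md5_fingerprint_hex(pubkey_line: str) -> str:
    """MD5 over the decoded key blob, as the old colon-separated 'ssh-keygen -l' output but without colons."""
    blob = base64.b64decode(pubkey_line.split()[1])
    return hashlib.md5(blob).hexdigest()


def blacklist_entry(pubkey_line: str) -> str:
    """Assumed blacklist lookup key: the fingerprint with its first 12 hex digits dropped (80 bits)."""
    return md5_fingerprint_hex(pubkey_line)[12:]


def load_blacklist(text: str) -> set:
    """Parse a blacklist file: skip blank and '#' lines, keep the 20-hex-digit entries."""
    entries = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        entries.add(line.lower())
    return entries


def is_blacklisted(pubkey_line: str, blacklist: set) -> bool:
    return blacklist_entry(pubkey_line) in blacklist


# Constructed toy keys; real keys are 1024/2048-bit, these are kept tiny for readability.
WEAK_KEY = rsa_pubkey_line(65537, 0xC0FFEE1234567890ABCDEF, "weak@example")
GOOD_KEY = rsa_pubkey_line(65537, 0xDEADBEEFCAFEBABE0123457, "fresh@example")

# Constructed blacklist file in the assumed layout, listing only WEAK_KEY.
BLACKLIST_TEXT = (
    "# Blacklisted keys (constructed example, not a real openssh-blacklist file)\n"
    + blacklist_entry(WEAK_KEY)
    + "\n"
)


def check_new_key(pubkey_line: str, blacklist_text: str = BLACKLIST_TEXT) -> str:
    """What a blacklist-aware ssh-keygen could do right after writing a key pair."""
    if is_blacklisted(pubkey_line, load_blacklist(blacklist_text)):
        return "REJECT: generated key is on the blacklist; generate another"
    return "OK"


if __name__ == "__main__":
    for label, key in (("weak", WEAK_KEY), ("fresh", GOOD_KEY)):
        print(label, md5_fingerprint_hex(key), check_new_key(key))
```

The point of the 80-bit lookup is exactly the one raised in the thread: a
freshly generated key collides with a blacklist entry only if it is a weak
key or the fingerprint tail happens to match, which is no more likely than
generating a key somebody else already owns; the check is cheap, so a
warning or abort in ssh-keygen costs nothing while the blacklist is still
shipped.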

