Bug#481177: openssh-server: randomise size of rsa host keys

To: Jon Dowland <jon+bts@alcopop.org>, 481177@bugs.debian.org
Subject: Bug#481177: openssh-server: randomise size of rsa host keys
From: Colin Watson <cjwatson@debian.org>
Date: Wed, 14 May 2008 12:47:55 +0100
Message-id: <[🔎] 20080514114755.GU16645@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 481177@bugs.debian.org
In-reply-to: <[🔎] 20080514112508.GA19157@ankh.ncl.ac.uk>
References: <[🔎] 20080514112508.GA19157@ankh.ncl.ac.uk>

On Wed, May 14, 2008 at 12:25:08PM +0100, Jon Dowland wrote:
> Given that rainbow tables for vulnerable keys are
> predicated on the size of the key, would you consider
> randomizing the length of the host RSA key, to protect
> against future exploits?

The client is told how long the host RSA key is, so I'm afraid all this
would do would be to slow an attacker down slightly (a few hours of
computation at most) and make it infeasible to ship blacklists such as
we have been able to do this time for at least a reasonable subset of
the affected keys. Thus, I don't think this is a good idea. Do you
agree, given this rebuttal?

(I don't know if you know the exact nature of the blacklist generation;
at the moment I don't want to give out exploit code.)

Regards,

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

References:
- Bug#481177: openssh-server: randomise size of rsa host keys
  - From: Jon Dowland <jon+bts@alcopop.org>

Prev by Date: Bug#481177: openssh-server: randomise size of rsa host keys
Next by Date: Processed: Re: ssh-copy-id: Should specify that the remote command must be ran with /bin/sh
Previous by thread: Bug#481177: openssh-server: randomise size of rsa host keys
Next by thread: Bug#481177: openssh-server: randomise size of rsa host keys
Index(es):
- Date
- Thread