Re: Accepted openssh 1:4.7p1-9 (source all i386)

To: Joey Hess <joeyh@debian.org>
Cc: Russ Allbery <rra@debian.org>, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Subject: Re: Accepted openssh 1:4.7p1-9 (source all i386)
From: Colin Watson <cjwatson@debian.org>
Date: Wed, 14 May 2008 02:49:26 +0100
Message-id: <[🔎] 20080514014926.GM16645@riva.ucam.org>
Mail-followup-to: Joey Hess <joeyh@debian.org>, Russ Allbery <rra@debian.org>, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
In-reply-to: <[🔎] 20080514010859.GA28496@kodama.kitenet.net>
References: <[🔎] E1Jvw16-0003ZX-LM@ries.debian.org> <[🔎] 20080513221823.GA10644@kodama.kitenet.net> <[🔎] 87wslxiu1w.fsf@windlord.stanford.edu> <[🔎] 20080514010859.GA28496@kodama.kitenet.net>

On Tue, May 13, 2008 at 09:08:59PM -0400, Joey Hess wrote:
> Russ Allbery wrote:
> > Do we have a feel for how astronomically unlucky you have to get?  If it's
> > really astronomical, it's probably not worth worrying about.  (My general
> > rule of thumb on that sort of thing is that if the chances of a collision
> > are lower than the chances of hardware failure during the course of the
> > operation, it's probably not worth taking any special safeguards.)
> 
> By that line of thinking, ssh-keygen shouldn't bother checking its
> system calls either. Probability of system call failure is roughly
> equaly to the probability of hardware failure.

My back-of-the-envelope calculation is that you need something
approaching 10^80 key generations to have been performed before the risk
of having one key in the broken space from any of them becomes
non-negligible. I think that's astronomical enough that I'm not going to
worry too much.

This is based on some rules of reckoning that I haven't verified or even
made entirely sure that I've applied correctly, BTW (density of primes,
risk analysis, rough guess at the behaviour of OpenSSL's entropy
gathering, etc.), so please take that with a pinch of salt. I might be
completely wrong and I'm not sure this dodgy calculation should prevent
us implementing Joey's suggestion anyway.

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Re: Accepted openssh 1:4.7p1-9 (source all i386)
  - From: Joey Hess <joeyh@debian.org>
- Re: Accepted openssh 1:4.7p1-9 (source all i386)
  - From: Joey Hess <joeyh@debian.org>

References:
- Accepted openssh 1:4.7p1-9 (source all i386)
  - From: Colin Watson <cjwatson@debian.org>
- Re: Accepted openssh 1:4.7p1-9 (source all i386)
  - From: Joey Hess <joeyh@debian.org>
- Re: Accepted openssh 1:4.7p1-9 (source all i386)
  - From: Russ Allbery <rra@debian.org>
- Re: Accepted openssh 1:4.7p1-9 (source all i386)
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: Accepted openssh 1:4.7p1-9 (source all i386)
Next by Date: Re: Accepted openssh 1:4.7p1-9 (source all i386)
Previous by thread: Re: Accepted openssh 1:4.7p1-9 (source all i386)
Next by thread: Re: Accepted openssh 1:4.7p1-9 (source all i386)
Index(es):
- Date
- Thread