From owner-freebsd-security@FreeBSD.ORG Sun Jun 24 16:07:31 2012
Date: Sun, 24 Jun 2012 12:07:24 -0400
From: Robert Simmons
To: freebsd-security@freebsd.org
Subject: Add rc.conf variables to control host key length

Here is a set of patches that add functionality to rc.conf allowing
users an easy way to control the length of the host keys used with ssh
(specifically RSA and ECDSA used with protocol version 2).

I would like to also discuss the merits of changing FreeBSD's default
behavior to using 4096 bit RSA keys and 521 bit ECDSA keys.

I have refrained from changing FreeBSD's default behavior in these
patches and stuck to just adding configurability.

Please let me know if you see any problems with these patches.

Attachment: rc.conf.5.diff
Attachment: rc.conf.diff
Attachment: sshd.diff

From owner-freebsd-security@FreeBSD.ORG Sun Jun 24 16:34:09 2012
Date: Sun, 24 Jun 2012 16:34:04 +0000
From: "Bjoern A. Zeeb"
To: Robert Simmons
Cc: freebsd-security@freebsd.org
Subject: Re: Add rc.conf variables to control host key length

On 24. Jun 2012, at 16:07 , Robert Simmons wrote:

> Here is a set of patches that add functionality to rc.conf allowing
> users an easy way to control the length of the host keys used with ssh
> (specifically RSA and ECDSA used with protocol version 2).

Created for, not used with -- right?

The used with is controlled in sshd_config and if the key is not there
but it's enabled in sshd_config you'll get a warning on boot which is
very annoying.

> I would like to also discuss the merits of changing FreeBSD's default
> behavior to using 4096 bit RSA keys and 521 bit ECDSA keys.
>
> I have refrained from changing FreeBSD's default behavior in these
> patches and stuck to just adding configurability.

Do we differ from what the OpenSSH defaults are?

/bz

--
Bjoern A. Zeeb
You have to have visions!
It does not matter how good you are. It matters what good you do!

From owner-freebsd-security@FreeBSD.ORG Sun Jun 24 16:59:25 2012
Date: Sun, 24 Jun 2012 12:59:20 -0400
From: "J. Hellenthal"
To: "Bjoern A. Zeeb"
Cc: freebsd-security@freebsd.org, Robert Simmons
Subject: Re: Add rc.conf variables to control host key length

On Sun, Jun 24, 2012 at 04:34:04PM +0000, Bjoern A. Zeeb wrote:
>
> On 24. Jun 2012, at 16:07 , Robert Simmons wrote:
>
> > Here is a set of patches that add functionality to rc.conf allowing
> > users an easy way to control the length of the host keys used with ssh
> > (specifically RSA and ECDSA used with protocol version 2).
>
> Created for, not used with -- right?
>
> The used with is controlled in sshd_config and if the key is not there
> but it's enabled in sshd_config you'll get a warning on boot which is
> very annoying.
>
>
> > I would like to also discuss the merits of changing FreeBSD's default
> > behavior to using 4096 bit RSA keys and 521 bit ECDSA keys.
> >
> > I have refrained from changing FreeBSD's default behavior in these
> > patches and stuck to just adding configurability.
>
> Do we differ from what the OpenSSH defaults are?
>

Defaults being ...

2048 RSA
1024 DSA
256 ECDSA

These are more than sufficient for any normal ssh use.

--
 - (2^(N-1))

From owner-freebsd-security@FreeBSD.ORG Sun Jun 24 17:14:09 2012
Date: Sun, 24 Jun 2012 13:14:02 -0400
From: Robert Simmons
To: freebsd-security@freebsd.org
Subject: Re: Add rc.conf variables to control host key length

On Sun, Jun 24, 2012 at 12:34 PM, Bjoern A. Zeeb wrote:
> On 24. Jun 2012, at 16:07 , Robert Simmons wrote:
>> Here is a set of patches that add functionality to rc.conf allowing
>> users an easy way to control the length of the host keys used with ssh
>> (specifically RSA and ECDSA used with protocol version 2).
>
> Created for, not used with -- right?

Yes, created for. I have updated the patch to reflect this and
attached the new patch. Good eye, thanks.

> The used with is controlled in sshd_config and if the key is not there
> but it's enabled in sshd_config you'll get a warning on boot which is
> very annoying.

No. Actually, "used with" is not controlled in sshd_config. Only the
path to the key files is controlled by that config. The sshd_flags
variable in rc.conf is what controls "used with". For example, on my
installs, I only want to use the ECDSA key and not present any other
protocol v2 keys to clients, thereby restricting it to ECDSA. The
only way to go about this is to set the following:

    sshd_flags="-h /etc/ssh/ssh_host_ecdsa_key"

Take a look at sshd(8), specifically the -h option for clarification.

>> I would like to also discuss the merits of changing FreeBSD's default
>> behavior to using 4096 bit RSA keys and 521 bit ECDSA keys.
>>
>> I have refrained from changing FreeBSD's default behavior in these
>> patches and stuck to just adding configurability.
>
> Do we differ from what the OpenSSH defaults are?

No, we don't differ from OpenSSH defaults in regards to key sizes.

Attachment: rc.conf.5.diff

From owner-freebsd-security@FreeBSD.ORG Sun Jun 24 17:26:23 2012
Date: Sun, 24 Jun 2012 13:26:21 -0400
From: Robert Simmons
To: freebsd-security@freebsd.org
Subject: Re: Add rc.conf variables to control host key length

On Sun, Jun 24, 2012 at 12:59 PM, J. Hellenthal wrote:
> These are more than sufficient for any normal ssh use.

I'm sorry if I sound rude, but I wanted to have a bit more of a
substantive discussion than quoting the man pages. Especially since
what you are quoting dates back to a change to
src/crypto/openssh/ssh-keygen.1 dated the following:
Sun Sep 11 16:50:35 2005 UTC (6 years, 9 months ago) by des

Being that the old "considered sufficient" of 1024 was added at the
following revision date:
Thu Feb 24 14:29:46 2000 UTC (12 years, 4 months ago) by markm

I would say that we are exactly due for a real discussion as to what
should be considered sufficient with regards to modern processors and
GPUs.

From owner-freebsd-security@FreeBSD.ORG Sun Jun 24 18:15:47 2012
Date: Sun, 24 Jun 2012 14:15:43 -0400
From: "J. Hellenthal"
To: Robert Simmons
Cc: freebsd-security@freebsd.org
Subject: Re: Add rc.conf variables to control host key length

On Sun, Jun 24, 2012 at 01:26:21PM -0400, Robert Simmons wrote:
> On Sun, Jun 24, 2012 at 12:59 PM, J. Hellenthal wrote:
> > These are more than sufficient for any normal ssh use.
>
> I'm sorry if I sound rude, but I wanted to have a bit more of a
> substantive discussion than quoting the man pages. Especially since
> what you are quoting dates back to a change to
> src/crypto/openssh/ssh-keygen.1 dated the following:
> Sun Sep 11 16:50:35 2005 UTC (6 years, 9 months ago) by des
>
> Being that the old "considered sufficient" of 1024 was added at the
> following revision date:
> Thu Feb 24 14:29:46 2000 UTC (12 years, 4 months ago) by markm
>

There is nothing stopping you from changing a key after the system has
booted e.g. by using the rc script itself if you feel it is not
sufficient.

Given OpenBSD is usually always on the far safe side of things taking
the security approach before simplicity I would extremely agree that it
is more than sufficient.

But then again what is good for the masses is not always good enough for
the security paranoid and giving credit to such is what keeps everyone
safe.

( /usr/local/etc/rc.d/openssh keygen ) # regenerate your keys

Which should generate a new set of keys, keeping you safe for another X
amount of years.

 - or -

ssh-keygen -t rsa -b [NNNN] -f /usr/local/etc/ssh/ssh_host_rsa_key

But the initial key being the default? it's sufficient to get you in and
started on a remote system.

> I would say that we are exactly due for a real discussion as to what
> should be considered sufficient with regards to modern processors and
> GPUs.

Unfortunately I see that as a different thread "Hardware potential to
duplicate existing host keys... RSA DSA ECDSA"

--
 - (2^(N-1))

From owner-freebsd-security@FreeBSD.ORG Sun Jun 24 18:26:02 2012
Date: Sun, 24 Jun 2012 14:26:02 -0400
From: Robert Simmons To: freebsd-security@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: Add rc.conf variables to control host key length X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Jun 2012 18:26:02 -0000 On Sun, Jun 24, 2012 at 2:15 PM, J. Hellenthal wro= te: > On Sun, Jun 24, 2012 at 01:26:21PM -0400, Robert Simmons wrote: >> On Sun, Jun 24, 2012 at 12:59 PM, J. Hellenthal = wrote: >> > These are more then sufficient for any normal ssh use. >> >> I'm sorry if I sound rude, but I wanted to have a bit more of a >> substantive discussion than quoting the man pages. =A0Especially since >> what you are quoting dates back to a change to >> src/crypto/openssh/ssh-keygen.1 dated the following: >> Sun Sep 11 16:50:35 2005 UTC (6 years, 9 months ago) by des >> >> Being that the old "considered sufficient" of 1024 was added at the >> following revision date: >> Thu Feb 24 14:29:46 2000 UTC (12 years, 4 months ago) by markm >> > > There is nothing stopping you from changing a key after the system has > booted e.g. by using the rc script itself if you feel it is not > sufficient. Almost. If you use /etc/rc.d/ssh keygen all you will get is the default sizes again. If you apply the patches I've suggested earlier, this can be used to change the keys to your liking. As I said, my patches don't change the default, they just add knobs to rc.conf that allow /etc/rc.d/ssh keygen to work as someone would want it to work if they want different key sizes. > Given OpenBSD is usually always on the far safe side of things taking > the security approach before simplicity I would extremely agree that it > is more than sufficient. 
> > But then again what is good for the masses it not always good enough for > the security paranoid and giving credit to such is what keeps everyone > safe. > > ( /usr/local/etc/rc.d/openssh keygen ) # regenerate your keys > > Which should generate a new set of keys, keeping you safe for another X > amount of years. > > =A0- or - > > ssh-keygen -f rsa -b [NNNN] -f /usr/local/etc/ssh/ssh_host_rsa_key See above. I've included patches that simplify this. > But the intitial key being the default? its sufficient to get you in and > started on a remote system. > >> I would say that we are exactly due for a real discussion as to what >> should be considered sufficient with regards to modern processors and >> GPUs. > > Unfortunately I see that as a different thread "Hardware potential to > duplicate existing host keys... RSA DSA ECDSA" I see it as related directly to why or why not 2048 is sufficient. Do you have an argument for the 2048 default based on something more than OpenBSD does it? From owner-freebsd-security@FreeBSD.ORG Sun Jun 24 18:34:46 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3AA971065670 for ; Sun, 24 Jun 2012 18:34:46 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: from mail-vc0-f182.google.com (mail-vc0-f182.google.com [209.85.220.182]) by mx1.freebsd.org (Postfix) with ESMTP id E9DA88FC0A for ; Sun, 24 Jun 2012 18:34:45 +0000 (UTC) Received: by vcbfy7 with SMTP id fy7so2035366vcb.13 for ; Sun, 24 Jun 2012 11:34:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=7HOXBiTc5Vqb6rRgyDk2vPc+vbuoVFcs1CTkQ077oEY=; b=WtXXFOXy0+1j2jytfS7DoyKglu8ARVr2PW+mfdf5wRgJl4Usl94FRiGxiKBlKNQRgT DyYIIVdhUEF8cwKwIsdGEt1tB2mJKazeacKJahfgn5BYJWDokgP6D6diK295+6RQGChf uuTFD042xhwy07prW7S+cZMvaBkwQjYu/XeHRAQUpArlcwT23bAMAfTGj/HR9/aJ85Py 

Date: Sun, 24 Jun 2012 14:34:45 -0400
From: Robert Simmons
To: freebsd-security@freebsd.org
Subject: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

In light of advances in processors and GPUs, what is the potential for
duplication of RSA, DSA, and ECDSA keys at the current default key
lengths (2048, 1024, and 256 respectively)?

In-Reply-To: <20120624181543.GA3652@DataIX.net>
References: <4828EFCC-E60A-4961-9228-4A1ADAD28F73@lists.zabbadoz.net> <20120624165920.GA85913@DataIX.net> <20120624181543.GA3652@DataIX.net>
Date: Sun, 24 Jun 2012 14:35:19 -0400
From: Robert Simmons
To: freebsd-security@freebsd.org
Subject: Re: Add rc.conf variables to control host key length

On Sun, Jun 24, 2012 at 2:15 PM, J. Hellenthal wrote:
> Unfortunately I see that as a different thread "Hardware potential to
> duplicate existing host keys... RSA DSA ECDSA"

New thread started.

Date: Sun, 24 Jun 2012 14:52:17 -0400
From: "J. Hellenthal"
To: Robert Simmons
Message-ID: <20120624185217.GA11320@DataIX.net>
References: <4828EFCC-E60A-4961-9228-4A1ADAD28F73@lists.zabbadoz.net> <20120624165920.GA85913@DataIX.net> <20120624181543.GA3652@DataIX.net>
Cc: freebsd-security@freebsd.org
Subject: Re: Add rc.conf variables to control host key length

On Sun, Jun 24, 2012 at 02:26:02PM -0400, Robert Simmons wrote:
> On Sun, Jun 24, 2012 at 2:15 PM, J. Hellenthal wrote:
> > On Sun, Jun 24, 2012 at 01:26:21PM -0400, Robert Simmons wrote:
> >> On Sun, Jun 24, 2012 at 12:59 PM, J. Hellenthal wrote:
> >> > These are more than sufficient for any normal ssh use.
> >>
> >> I'm sorry if I sound rude, but I wanted to have a bit more of a
> >> substantive discussion than quoting the man pages.  Especially since
> >> what you are quoting dates back to a change to
> >> src/crypto/openssh/ssh-keygen.1 dated the following:
> >> Sun Sep 11 16:50:35 2005 UTC (6 years, 9 months ago) by des
> >>
> >> Being that the old "considered sufficient" of 1024 was added at the
> >> following revision date:
> >> Thu Feb 24 14:29:46 2000 UTC (12 years, 4 months ago) by markm
> >>
> >
> > There is nothing stopping you from changing a key after the system has
> > booted e.g. by using the rc script itself if you feel it is not
> > sufficient.
>
> Almost. If you use /etc/rc.d/ssh keygen all you will get is the
> default sizes again. If you apply the patches I've suggested earlier,
> this can be used to change the keys to your liking. As I said, my
> patches don't change the default, they just add knobs to rc.conf that
> allow /etc/rc.d/ssh keygen to work as someone would want it to work if
> they want different key sizes.
>
> > Given OpenBSD is usually always on the far safe side of things taking
> > the security approach before simplicity I would extremely agree that it
> > is more than sufficient.
> >
> > But then again what is good for the masses is not always good enough for
> > the security paranoid and giving credit to such is what keeps everyone
> > safe.
> >
> > ( /usr/local/etc/rc.d/openssh keygen ) # regenerate your keys
> >
> > Which should generate a new set of keys, keeping you safe for another X
> > amount of years.
> >
> >  - or -
> >
> > ssh-keygen -f rsa -b [NNNN] -f /usr/local/etc/ssh/ssh_host_rsa_key
>
> See above. I've included patches that simplify this.
>
> > But the initial key being the default? it's sufficient to get you in and
> > started on a remote system.
> >
> >> I would say that we are exactly due for a real discussion as to what
> >> should be considered sufficient with regards to modern processors and
> >> GPUs.
> >
> > Unfortunately I see that as a different thread "Hardware potential to
> > duplicate existing host keys... RSA DSA ECDSA"
>
> I see it as related directly to why or why not 2048 is sufficient.
>
> Do you have an argument for the 2048 default based on something more
> than OpenBSD does it?

Sure

With a key of length n bits, there are 2^n possible keys. This number
grows very rapidly as n increases. Moore's law suggests that computing
power doubles roughly every 18 to 24 months, but even this doubling
effect leaves the larger symmetric key lengths currently considered
acceptable well out of reach.
The large number of operations (2^128) required to try all possible
128-bit keys is widely considered to be out of reach for conventional
digital computing techniques for the foreseeable future.

http://en.wikipedia.org/wiki/Key_size

2048 is well more than efficient. Speaking solely for RSA in that matter.

It would be easier to steal the hostkey than it would be to crack it.

-- 
 - (2^(N-1))
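
An added example, not part of any message in this thread: the 2^n count quoted above describes symmetric keys, while RSA, DSA and ECDSA strength depends on the best known attack against each. The sketch below parses `ssh-keygen -l` style lines and estimates a symmetric-equivalent strength for each host key; the sample listing is constructed, and the function names, the uncalibrated GNFS heuristic and the 112-bit policy floor are assumptions.

```python
import math

# Constructed sample in the layout printed by `ssh-keygen -l -f <pubkey>`:
#   <bits> <fingerprint> <comment> (<TYPE>)
# Fingerprints and host names are placeholders, not real keys.
SAMPLE_LISTING = """\
2048 SHA256:PLACEHOLDER-rsa2048 root@host.example (RSA)
1024 SHA256:PLACEHOLDER-dsa1024 root@host.example (DSA)
256 SHA256:PLACEHOLDER-ecdsa256 root@host.example (ECDSA)
4096 SHA256:PLACEHOLDER-rsa4096 root@host.example (RSA)
"""


def gnfs_bits(modulus_bits):
    """log2 of the heuristic GNFS cost exp(c * (ln n)^(1/3) * (ln ln n)^(2/3))
    with c = (64/9)^(1/3) and the o(1) term dropped. This is uncalibrated:
    NIST SP 800-57 rates the same moduli lower (1024 -> 80, 2048 -> 112)."""
    if modulus_bits < 512:
        raise ValueError("asymptotic estimate is meaningless for tiny moduli")
    ln_n = modulus_bits * math.log(2)
    cost = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return cost / math.log(2)


def estimated_strength(key_type, bits):
    """Approximate symmetric-equivalent strength in bits for a host key."""
    key_type = key_type.upper()
    if key_type == "RSA":
        return gnfs_bits(bits)
    if key_type == "DSA":
        # OpenSSH DSA keys are exactly 1024 bits with a 160-bit subgroup, so
        # the generic square-root attack on the subgroup (2^80) is the bound.
        if bits != 1024:
            raise ValueError("expected a 1024-bit DSA key")
        return min(gnfs_bits(bits), 160 / 2)
    if key_type == "ECDSA":
        # Best generic attack on an n-bit curve costs about 2^(n/2).
        return bits / 2
    raise ValueError(f"unsupported key type: {key_type}")


def parse_line(line):
    """Return (key_type, bits) from one `ssh-keygen -l` output line."""
    fields = line.split()
    if len(fields) < 3 or not fields[0].isdigit():
        raise ValueError(f"unrecognised listing line: {line!r}")
    tag = fields[-1]
    if not (tag.startswith("(") and tag.endswith(")")):
        raise ValueError(f"missing key type in line: {line!r}")
    return tag[1:-1], int(fields[0])


def audit(listing, floor_bits=112):
    """Return (type, bits, estimated strength, meets floor) for every key."""
    findings = []
    for raw in listing.splitlines():
        if not raw.strip():
            continue
        key_type, bits = parse_line(raw)
        strength = estimated_strength(key_type, bits)
        findings.append((key_type, bits, round(strength, 1), strength >= floor_bits))
    return findings


if __name__ == "__main__":
    for key_type, bits, strength, ok in audit(SAMPLE_LISTING):
        status = "ok" if ok else "BELOW FLOOR"
        print(f"{key_type:6} {bits:5} bits  ~{strength:6.1f}-bit strength  {status}")
```

On a live host the listing would come from running `ssh-keygen -l -f` against each host public key file.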

Date: Sun, 24 Jun 2012 14:55:22 -0400
From: "J. Hellenthal"
To: Robert Simmons
Message-ID: <20120624185522.GB11320@DataIX.net>
Cc: freebsd-security@freebsd.org
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On Sun, Jun 24, 2012 at 02:34:45PM -0400, Robert Simmons wrote:
> In light of advances in processors and GPUs, what is the potential for
> duplication of RSA, DSA, and ECDSA keys at the current default key
> lengths (2048, 1024, and 256 respectively)?

Just missed this one...

http://en.wikipedia.org/wiki/Key_size (Value Added Link)

-- 
 - (2^(N-1))

To: freebsd-security@freebsd.org
Date: Sun, 24 Jun 2012 13:56:04 -0500
From: Mark Felder
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On Sun, 24 Jun 2012 13:34:45 -0500, Robert Simmons wrote:

> In light of advances in processors and GPUs, what is the potential for
> duplication of RSA, DSA, and ECDSA keys at the current default key
> lengths (2048, 1024, and 256 respectively)?
>

I've been able to duplicate keys for years simply using cp(1)

Define "duplicate". Are you asking about some sort of collision? Are you
asking about brute forcing an encrypted stream and deducing what the private
key is?

Date: Sun, 24 Jun 2012 15:21:23 -0400
From: "J. Hellenthal"
To: Garrett Wollman
Message-ID: <20120624192122.GB20832@DataIX.net>
References: <4828EFCC-E60A-4961-9228-4A1ADAD28F73@lists.zabbadoz.net> <20120624165920.GA85913@DataIX.net> <20120624181543.GA3652@DataIX.net> <20120624185217.GA11320@DataIX.net> <20455.26411.117114.791974@hergotha.csail.mit.edu>
In-Reply-To: <20455.26411.117114.791974@hergotha.csail.mit.edu>
Cc: freebsd-security@freebsd.org
Subject: Re: Add rc.conf variables to control host key length

On Sun, Jun 24, 2012 at 03:14:51PM -0400, Garrett Wollman wrote:
> < said:
>
> > 2048 is well more than efficient. Speaking solely for RSA in that matter.
>
> I asked R. about that a few months back, and he expressed the view
> that 2,048 bits is the *minimum* RSA key size anyone should consider
> using at this point. I'm willing to take his word for it.
>

I agree. it's said that 2048 should be sufficient till at least 2030 ...
we have a long time to go unless said quantum computing comes to be
generally available to the public. I'd like to think that by then most
people that consider security seriously will already be changing to a
different sized key.

-- 
 - (2^(N-1))

Date: Sun, 24 Jun 2012 15:26:42 -0400
From: Robert Simmons
To: freebsd-security@freebsd.org
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On Sun, Jun 24, 2012 at 2:56 PM, Mark Felder wrote:
> On Sun, 24 Jun 2012 13:34:45 -0500, Robert Simmons
> wrote:
>
>> In light of advances in processors and GPUs, what is the potential for
>> duplication of RSA, DSA, and ECDSA keys at the current default key
>> lengths (2048, 1024, and 256 respectively)?
>>
>
> I've been able to duplicate keys for years simply using cp(1)
>
> Define "duplicate". Are you asking about some sort of collision? Are you
> asking about brute forcing an encrypted stream and deducing what the private
> key is?

Collisions or brute forcing an encrypted stream, either one.

Date: Sun, 24 Jun 2012 15:34:15 -0400
From: Robert Simmons
To: freebsd-security@freebsd.org
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On Sun, Jun 24, 2012 at 2:56 PM, Mark Felder wrote:
> On Sun, 24 Jun 2012 13:34:45 -0500, Robert Simmons
> wrote:
>
>> In light of advances in processors and GPUs, what is the potential for
>> duplication of RSA, DSA, and ECDSA keys at the current default key
>> lengths (2048, 1024, and 256 respectively)?
>>
>
> I've been able to duplicate keys for years simply using cp(1)
>
> Define "duplicate". Are you asking about some sort of collision? Are you
> asking about brute forcing an encrypted stream and deducing what the private
> key is?

And as a flip side to the argument, is there a reason not to raise the
default to 4096? Certainly the same advances in processors makes this
size key quite usable. I've seen no noticeable slowness with 4096 bit
RSA or 521 bit ECDSA.

References: <4828EFCC-E60A-4961-9228-4A1ADAD28F73@lists.zabbadoz.net> <20120624165920.GA85913@DataIX.net> <20120624181543.GA3652@DataIX.net>
Date: Sun, 24 Jun 2012 15:43:06 -0400
From: Robert Simmons
To: freebsd-security@freebsd.org
Subject: Re: Add rc.conf variables to control host key length

Just to go back to the beginning of the thread, sorry: other than the
wording of generate/create vs use with, does anyone see any other
problems with the patches?

Date: Sun, 24 Jun 2012 15:44:47 -0400
From: "J. Hellenthal"
To: Robert Simmons
Message-ID: <20120624194447.GA22363@DataIX.net>
Cc: freebsd-security@freebsd.org
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On Sun, Jun 24, 2012 at 03:34:15PM -0400, Robert Simmons wrote:
> On Sun, Jun 24, 2012 at 2:56 PM, Mark Felder wrote:
> > On Sun, 24 Jun 2012 13:34:45 -0500, Robert Simmons
> > wrote:
> >
> >> In light of advances in processors and GPUs, what is the potential for
> >> duplication of RSA, DSA, and ECDSA keys at the current default key
> >> lengths (2048, 1024, and 256 respectively)?
> >>
> >
> > I've been able to duplicate keys for years simply using cp(1)
> >
> > Define "duplicate". Are you asking about some sort of collision? Are you
> > asking about brute forcing an encrypted stream and deducing what the private
> > key is?
>
> And as a flip side to the argument, is there a reason not to raise the
> default to 4096? Certainly the same advances in processors makes this
> size key quite usable. I've seen no noticeable slowness with 4096 bit
> RSA or 521 bit ECDSA.

But what happens when the default is raised to 4096 for RSA and a server
has 100, 200, 300 users? Does that processor time really get affected
then? To me this is just the cost of security but only if it is needed.

Moreso what is the probability of communications being broken if the host
key is 2048 bit RSA and the user key is 4096 bit RSA

-- 
 - (2^(N-1))
From: Dag-Erling Smørgrav
To: Robert Simmons
Date: Sun, 24 Jun 2012 23:18:20 +0200
In-Reply-To: (Robert Simmons's message of "Sun, 24 Jun 2012 14:34:45 -0400")
Message-ID: <86zk7sxvc3.fsf@ds4.des.no>
Cc: freebsd-security@freebsd.org
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

Robert Simmons writes:
> In light of advances in processors and GPUs, what is the potential for
> duplication of RSA, DSA, and ECDSA keys at the current default key
> lengths (2048, 1024, and 256 respectively)?

You do know that these keys are used only for authentication, and not
for encryption, right?
DES
-- 
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@FreeBSD.ORG Sun Jun 24 21:23:48 2012
In-Reply-To: <86zk7sxvc3.fsf@ds4.des.no>
References: <86zk7sxvc3.fsf@ds4.des.no>
Date: Sun, 24 Jun 2012 17:23:47 -0400
From: Robert Simmons
To: freebsd-security@freebsd.org
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On Sun, Jun 24, 2012 at 5:18 PM, Dag-Erling Smørgrav wrote:
> Robert Simmons writes:
>> In light of advances in processors and GPUs, what is the potential for
>> duplication of RSA, DSA, and ECDSA keys at the current default key
>> lengths (2048, 1024, and 256 respectively)?
>
> You do know that these keys are used only for authentication, and not
> for encryption, right?

Yes, the encryption key length is determined by which symmetric cipher
is negotiated between the client and server based on what is available
from the Ciphers line in sshd_config and ssh_config.

From owner-freebsd-security@FreeBSD.ORG Sun Jun 24 22:09:59 2012
Message-ID: <4FE79036.2020503@FreeBSD.org>
Date: Sun, 24 Jun 2012 15:09:58 -0700
From: Doug Barton
Organization: http://SupersetSolutions.com/
To: Robert Simmons
Cc: freebsd-security@freebsd.org
Subject: Re: Add rc.conf variables to control host key length

On 06/24/2012 09:07, Robert Simmons wrote:
> Here is a set of patches that add functionality to rc.conf allowing
> users an easy way to control the length of the host keys used with ssh

Sorry, this doesn't belong in rc.d. The defaults are more than
sufficient for the overwhelming majority of FreeBSD users. As has
already been pointed out to you, the key can easily be changed after the
system has booted for the first time.

Knobs in rc.d should be for things that users are likely to need to
configure, and/or need to be run often. Host key generation happens
exactly one time in the life of a system, so this is neither.

... and yes, I stay very up to date on current discussions of
cryptographic topics, including RSA key lengths. If you can point to a
realistic threat model that would allow a 2048 bit key to be compromised
where a larger RSA key would not, it would be worthwhile to have a
discussion about changing the defaults. But it still wouldn't belong in
rc.d.
hope this helps,

Doug

-- 
    This .signature sanitized for your protection

From owner-freebsd-security@FreeBSD.ORG Sun Jun 24 19:14:53 2012
Message-ID: <20455.26411.117114.791974@hergotha.csail.mit.edu>
Date: Sun, 24 Jun 2012 15:14:51 -0400
From: Garrett Wollman
To: "J. Hellenthal"
In-Reply-To: <20120624185217.GA11320@DataIX.net>
References: <4828EFCC-E60A-4961-9228-4A1ADAD28F73@lists.zabbadoz.net> <20120624165920.GA85913@DataIX.net> <20120624181543.GA3652@DataIX.net> <20120624185217.GA11320@DataIX.net>
Cc: freebsd-security@freebsd.org
Subject: Re: Add rc.conf variables to control host key length

< said:

> 2048 is well more than efficient. Speaking solely for RSA in that matter.

I asked R. about that a few months back, and he expressed the view
that 2,048 bits is the *minimum* RSA key size anyone should consider
using at this point. I'm willing to take his word for it.
-GAWollman

From owner-freebsd-security@FreeBSD.ORG Mon Jun 25 01:31:09 2012
Date: Mon, 25 Jun 2012 02:31:04 +0100
From: RW
To: freebsd-security@freebsd.org
Message-ID: <20120625023104.2a0c7627@gumby.homeunix.com>
References: <86zk7sxvc3.fsf@ds4.des.no>
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On Sun, 24 Jun 2012 17:23:47 -0400
Robert Simmons wrote:

> On Sun, Jun 24, 2012 at 5:18 PM, Dag-Erling Smørgrav wrote:
> > Robert Simmons writes:
> >> In light of advances in processors and GPUs, what is the potential
> >> for duplication of RSA, DSA, and ECDSA keys at the current default
> >> key lengths (2048, 1024, and 256 respectively)?
> >
> > You do know that these keys are used only for authentication, and
> > not for encryption, right?
>
> Yes, the encryption key length is determined by which symmetric cipher
> is negotiated between the client and server based on what is available
> from the Ciphers line in sshd_config and ssh_config.

I'm not very familiar with ssh, but surely they're also used for
session-key exchange, which makes them crucial to encryption. They
should be as secure as the strongest symmetric cipher they need to work
with.
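
The host key lengths quoted in this thread (RSA 2048, DSA 1024, ECDSA 256) can be read from the public key files themselves. The following is an added example, not part of any message in the thread: it parses the one-line public key format used in ssh_host_*_key.pub files and lists keys shorter than caller-supplied minimums. The sample keys are constructed placeholders of the right size, not real keys, and all function names are this example's own.

```python
import base64
import struct

ECDSA_CURVE_BITS = {"nistp256": 256, "nistp384": 384, "nistp521": 521}


def read_string(blob, offset):
    """Read one RFC 4251 string (uint32 length, then data); return (data, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past end of key blob")
    return blob[offset + 4:end], end


def mpint_bits(data):
    """Bit length of a non-negative RFC 4251 mpint (leading 0x00 pad is ignored)."""
    if data and data[0] & 0x80:
        raise ValueError("negative mpint in public key")
    return int.from_bytes(data, "big").bit_length()


def host_key_bits(pubkey_line):
    """Return (key_type, bits) for a '<type> <base64> [comment]' public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    name, off = read_string(blob, 0)
    key_type = name.decode("ascii")
    if key_type != fields[0]:
        raise ValueError("key type inside blob differs from type on the line")
    if key_type == "ssh-rsa":
        _e, off = read_string(blob, off)      # public exponent
        n, off = read_string(blob, off)       # modulus: its size is the key length
        bits = mpint_bits(n)
    elif key_type == "ssh-dss":
        p, off = read_string(blob, off)       # prime p: its size is the key length
        for _ in range(3):                    # skip q, g, y
            _, off = read_string(blob, off)
        bits = mpint_bits(p)
    elif key_type.startswith("ecdsa-sha2-"):
        curve, off = read_string(blob, off)
        point, off = read_string(blob, off)
        curve_name = curve.decode("ascii")
        bits = ECDSA_CURVE_BITS.get(curve_name)
        if bits is None or key_type != "ecdsa-sha2-" + curve_name:
            raise ValueError("unknown or mismatched curve")
        # Only the uncompressed point form (0x04 || X || Y) is accepted here.
        if len(point) != 1 + 2 * ((bits + 7) // 8) or point[0] != 4:
            raise ValueError("point length does not match curve")
    else:
        raise ValueError("unsupported key type: " + key_type)
    if off != len(blob):
        raise ValueError("trailing data after key fields")
    return key_type, bits


def below_minimum(pubkey_lines, minimums):
    """Return [(key_type, bits, minimum)] for keys shorter than the minimum
    given for their type prefix, e.g. {"ssh-rsa": 4096, "ecdsa-sha2-": 521}."""
    findings = []
    for line in pubkey_lines:
        key_type, bits = host_key_bits(line)
        for prefix, minimum in minimums.items():
            if key_type.startswith(prefix) and bits < minimum:
                findings.append((key_type, bits, minimum))
    return findings


# --- Constructed sample keys: correct wire layout and size, not usable keys ---
def pack_string(data):
    return struct.pack(">I", len(data)) + data


def pack_mpint(value):
    # The extra byte yields the 0x00 pad whenever the top bit would be set.
    return pack_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def make_line(key_type, *fields):
    blob = pack_string(key_type.encode("ascii")) + b"".join(fields)
    return key_type + " " + base64.b64encode(blob).decode("ascii") + " constructed-sample"


SAMPLE_RSA = make_line("ssh-rsa", pack_mpint(65537), pack_mpint((1 << 2047) | 1))
SAMPLE_DSA = make_line("ssh-dss", pack_mpint((1 << 1023) | 1),
                       pack_mpint((1 << 159) | 1), pack_mpint(2), pack_mpint(3))
SAMPLE_ECDSA = make_line("ecdsa-sha2-nistp256", pack_string(b"nistp256"),
                         pack_string(b"\x04" + bytes(64)))

if __name__ == "__main__":
    samples = [SAMPLE_RSA, SAMPLE_DSA, SAMPLE_ECDSA]
    for line in samples:
        print(host_key_bits(line))
    # Minimums set to the 4096/521 values proposed in the thread.
    print(below_minimum(samples, {"ssh-rsa": 4096, "ecdsa-sha2-": 521}))
```
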

From owner-freebsd-security@FreeBSD.ORG Mon Jun 25 01:46:06 2012
From: "Bjoern A. Zeeb"
Date: Mon, 25 Jun 2012 01:46:02 +0000
Message-Id: <90EAF0C3-C676-4C20-A981-86FC88BAC29D@lists.zabbadoz.net>
References: <4828EFCC-E60A-4961-9228-4A1ADAD28F73@lists.zabbadoz.net>
To: Robert Simmons
Cc: freebsd-security@freebsd.org
Subject: Re: Add rc.conf variables to control host key length

On 24. Jun 2012, at 17:14 , Robert Simmons wrote:

> On Sun, Jun 24, 2012 at 12:34 PM, Bjoern A. Zeeb wrote:
>> On 24. Jun 2012, at 16:07 , Robert Simmons wrote:
>>> Here is a set of patches that add functionality to rc.conf allowing
>>> users an easy way to control the length of the host keys used with ssh
>>> (specifically RSA and ECDSA used with protocol version 2).
>>
>> Created for, not used with -- right?
>
> Yes, created for. I have updated the patch to reflect this and
> attached the new patch. Good eye, thanks.
>
>> The used with is controlled in sshd_config and if the key is not there
>> but it's enabled in sshd_config you'll get a warning on boot which is
>> very annoying.
>
> No. Actually, "used with" is not controlled in sshd_config. Only the
> path to the key files is controlled by that config.
> The sshd_flags variable in rc.conf is what controls "used with". For
> example, on my installs, I only want to use the ECDSA key and not
> present any other protocol v2 keys to clients, thereby restricting it
> to ECDSA. The only way to go about this is to set the following:
> sshd_flags="-h /etc/ssh/ssh_host_ecdsa_key"
> Take a look at sshd(8), specifically the -h option for clarification.

Aha, multiple options to accomplish the same thing.

HostKey /etc/ssh/ssh_host_ecdsa_key

in sshd_config should accomplish the same, shouldn't it? I'd really
prefer that to a command line option.

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
   It does not matter how good you are. It matters what good you do!

From owner-freebsd-security@FreeBSD.ORG Mon Jun 25 02:09:09 2012
In-Reply-To: <90EAF0C3-C676-4C20-A981-86FC88BAC29D@lists.zabbadoz.net>
References: <4828EFCC-E60A-4961-9228-4A1ADAD28F73@lists.zabbadoz.net> <90EAF0C3-C676-4C20-A981-86FC88BAC29D@lists.zabbadoz.net>
Date: Sun, 24 Jun 2012 22:09:08 -0400
From: Robert Simmons
To: freebsd-security@freebsd.org
Subject: Re: Add rc.conf variables to control host key length

On Sun, Jun 24, 2012 at 9:46 PM, Bjoern A. Zeeb wrote:
>
> On 24. Jun 2012, at 17:14 , Robert Simmons wrote:
>
>> On Sun, Jun 24, 2012 at 12:34 PM, Bjoern A. Zeeb wrote:
>>> On 24. Jun 2012, at 16:07 , Robert Simmons wrote:
>>>> Here is a set of patches that add functionality to rc.conf allowing
>>>> users an easy way to control the length of the host keys used with ssh
>>>> (specifically RSA and ECDSA used with protocol version 2).
>>>
>>> Created for, not used with -- right?
>>
>> Yes, created for. I have updated the patch to reflect this and
>> attached the new patch. Good eye, thanks.
>>
>>> The used with is controlled in sshd_config and if the key is not there
>>> but it's enabled in sshd_config you'll get a warning on boot which is
>>> very annoying.
>>
>> No. Actually, "used with" is not controlled in sshd_config. Only the
>> path to the key files is controlled by that config.
>> The sshd_flags variable in rc.conf is what controls "used with". For
>> example, on my installs, I only want to use the ECDSA key and not
>> present any other protocol v2 keys to clients, thereby restricting it
>> to ECDSA. The only way to go about this is to set the following:
>> sshd_flags="-h /etc/ssh/ssh_host_ecdsa_key"
>> Take a look at sshd(8), specifically the -h option for clarification.
>
> Aha, multiple options to accomplish the same thing.
>
> HostKey /etc/ssh/ssh_host_ecdsa_key
>
> in sshd_config should accomplish the same, shouldn't it?
> I'd really
> prefer that to a command line option.

No, you'll find that even with that being the only line uncommented,
your server will still present DSA and RSA keys to the clients that
can't understand ECDSA. The only way to restrict it is with the sshd
flag "-h". Go try it.

From owner-freebsd-security@FreeBSD.ORG Mon Jun 25 02:10:34 2012
In-Reply-To: <90EAF0C3-C676-4C20-A981-86FC88BAC29D@lists.zabbadoz.net>
References: <4828EFCC-E60A-4961-9228-4A1ADAD28F73@lists.zabbadoz.net> <90EAF0C3-C676-4C20-A981-86FC88BAC29D@lists.zabbadoz.net>
Date: Sun, 24 Jun 2012 22:10:33 -0400
From: Robert Simmons
To: "Bjoern A. Zeeb"
Cc: freebsd-security@freebsd.org
Subject: Re: Add rc.conf variables to control host key length

On Sun, Jun 24, 2012 at 9:46 PM, Bjoern A. Zeeb wrote:
>
> On 24. Jun 2012, at 17:14 , Robert Simmons wrote:
>
>> On Sun, Jun 24, 2012 at 12:34 PM, Bjoern A. Zeeb wrote:
>>> On 24. Jun 2012, at 16:07 , Robert Simmons wrote:
>>>> Here is a set of patches that add functionality to rc.conf allowing
>>>> users an easy way to control the length of the host keys used with ssh
>>>> (specifically RSA and ECDSA used with protocol version 2).
>>>
>>> Created for, not used with -- right?
>>
>> Yes, created for. I have updated the patch to reflect this and
>> attached the new patch. Good eye, thanks.
>>
>>> The used with is controlled in sshd_config and if the key is not there
>>> but it's enabled in sshd_config you'll get a warning on boot which is
>>> very annoying.
>>
>> No. Actually, "used with" is not controlled in sshd_config. Only the
>> path to the key files is controlled by that config.
>> The sshd_flags variable in rc.conf is what controls "used with". For
>> example, on my installs, I only want to use the ECDSA key and not
>> present any other protocol v2 keys to clients, thereby restricting it
>> to ECDSA. The only way to go about this is to set the following:
>> sshd_flags="-h /etc/ssh/ssh_host_ecdsa_key"
>> Take a look at sshd(8), specifically the -h option for clarification.
>
> Aha, multiple options to accomplish the same thing.
>
> HostKey /etc/ssh/ssh_host_ecdsa_key
>
> in sshd_config should accomplish the same, shouldn't it?
> I'd really
> prefer that to a command line option.

And vice versa. Let's say you only uncomment the line for RSA keys in
sshd_config. Your server will still present the ECDSA key to clients
that understand it.

From owner-freebsd-security@FreeBSD.ORG Mon Jun 25 10:36:02 2012
Date: Mon, 25 Jun 2012 10:36:00 +0000
From: Aaron Zauner
To: freebsd-security@freebsd.org
Subject: Fwd: Default password encryption method.

so what about bcrypt?

http://en.wikipedia.org/wiki/Bcrypt

On Thu, Jun 21, 2012 at 7:38 PM, Aaron D. Gifford wrote:
> On Tue, Jun 19, 2012 at 12:14 PM, Simon L. B. Nielsen wrote:
> ..snip...
>> The FreeBSD Security Team is also looking at (/poking people to look at)
>> solutions which will improve the time it takes to brute force passwords
>> significantly more.
>>
>> --
>> Simon
>
> I'd love to see PBKDF2 as a password hashing method. Yes, it's meant
> for deriving key material, but it can function similarly. It has the
> flexibility of allowing different hashes being used for the HMAC PRNG
> portion, and the ability to vary/specify the number of iterations.
> No, it's not memory complex like scrypt, but personally I prefer to
> not yet have memory usage involved. I could foresee PBKDF-HMAC-SHA512
> or PBKDF-HMAC-SHA256. I would select the quantity of output to match
> the hash size selected (i.e. if I use HMAC-SHA512 for the PRNG portion
> of PBKDF2, I would have PBKDF2 generate 512 bits of output to store in
> my password database).
>
> PBKDF2(pseudo-random-function, password, salt, iterations, output-size)
>
> I'd offer HMAC-SHA256 and HMAC-SHA512 initially for the
> pseudo-random-function parameter.
>
> And I'd select output-size as mentioned above, 256 bits for HMAC-SHA256, etc.
>
> As for iterations, how hard would it be to allow for more variation in
> the base-64 encoded salt field in the master password database such
> that for a PBKDF2 scheme, the field used as salt would actually be
> three fields, a 4-bit pseudo-random-function selector and a 32-bit
> unsigned integer number of iterations (or 36 bits, which base-64
> encoded would be 6 characters) followed by a variable length salt
> (i.e. any length permitted by the master password database structure
> up to the '$' character delimiter)?
>
> Or one could simply define separate algorithms for each PRF
> (pseudo-random-function) available.
>
> But, storing the number of iterations with the stored salt has the
> benefit of not requiring a new algorithm be defined when one wants to
> increase the default security level of hashed passwords. One merely
> needs to change a system setting to default to use more iterations.
> And password databases from other systems with a higher or lower
> setting would still be readable and usable.
>
> Brainstorming session over... for now.
>
> Aaron out.

From owner-freebsd-security@FreeBSD.ORG Mon Jun 25 11:17:33 2012
Date: Mon, 25 Jun 2012 12:17:27 +0100
From: RW
To: freebsd-security@freebsd.org
Message-ID: <20120625121727.50659bec@gumby.homeunix.com>
Subject: Re: Default password encryption method.

On Mon, 25 Jun 2012 10:36:00 +0000
Aaron Zauner wrote:

> so what about bcrypt?
>
> http://en.wikipedia.org/wiki/Bcrypt

We already have it, read the previous thread on the subject, it's only
nine threads up.

From owner-freebsd-security@FreeBSD.ORG Mon Jun 25 12:20:21 2012
From: "Dewayne Geraghty"
To: "'Robert Simmons'"
Date: Mon, 25 Jun 2012 17:03:53 +1000
Message-ID: <8F192950D203416CA6E24E2BC89B24A5@white>
Cc: freebsd-security@freebsd.org
Subject: RE: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

> And as a flip side to the argument, is there a reason not to
> raise the default to 4096? Certainly the same advances in
> processors makes this size key quite usable. I've seen no
> noticeable slowness with 4096 bit RSA or 521 bit ECDSA.

Robert,
A good question and it's good to check underlying assumptions from time
to time.

Identifying a host using keys of greater than 2048 bits (RSA) adds
little to the objective of ensuring that the host that you are intending
to talk to, is who it purports to be. Taking a loose analogue, most
secure websites use a certificate of 2048 bits, but these have the dual
purpose of identifying the server, and negotiating a symmetric cipher.
This isn't the case for an ssh host key, which only identifies the host
before commencing the next asymmetric (account key) handshake.

According to http://www.secg.org/download/aid-780/sec1-v2.pdf ECC 256 is
roughly equivalent to RSA 3072 bits; the current bit sizes (RSA 2048)
are supposed to be good until at least 2030.
Though I don't know if this takes into account the US Air Forces recent SGI machine with 73,728 Xeon processors and 1.47 petabytes of memory. :) Its arguable that the ecdsa key size should be 224 bits, base on the previous pdf reference, but I digress :) When the server that you're connecting to is previously unknown to you, the next best piece of information is a DNS sshfp resource record (ssh public key fingerprint) as a source of verification. And this is only 16 bytes. Regards, Dewayne From owner-freebsd-security@FreeBSD.ORG Mon Jun 25 16:09:13 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 19C19106567A for ; Mon, 25 Jun 2012 16:09:13 +0000 (UTC) (envelope-from jhellenthal@dataix.net) Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by mx1.freebsd.org (Postfix) with ESMTP id B187B8FC08 for ; Mon, 25 Jun 2012 16:09:12 +0000 (UTC) Received: by yhq56 with SMTP id 56so3284187yhq.17 for ; Mon, 25 Jun 2012 09:09:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dataix.net; s=rsa; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:content-transfer-encoding :in-reply-to; bh=FQ9Lay67x5yh3qk8PghGp1Y85nn8zQXY89swRKWmK20=; b=bbQOJ6COW0yL6ZSjFBJAWxqwtIdmXrADONWIVFuvnwbyI+W76//g/3+9dCIQiMgqHZ XFZHBxWpo44GkS+M2GZ+C0n3HHkUEJ0SH/QLnM1a7K7H68E+0ujAIaY0cX9c8PrkoQNb Q5kWvRu9idfvuuao9Uz2GfXwSSm15vOYQO/1Q= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:content-transfer-encoding :in-reply-to:x-gm-message-state; bh=FQ9Lay67x5yh3qk8PghGp1Y85nn8zQXY89swRKWmK20=; b=UW6QonoArYrvYKq9/DNwhaSjHxJfFkAyzvVrZv/W+QBCsN/xW1bFum4VRTNqH9fTx4 P1zq50uGzB2YaY0YPIqU9mI79deU4QtwSRv2DM6TZ1JbbxgErr/c5X2CuRQNgE7jnNdL 

Date: Mon, 25 Jun 2012 12:09:08 -0400
From: "J. Hellenthal"
To: RW
Cc: freebsd-security@freebsd.org
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On Mon, Jun 25, 2012 at 02:31:04AM +0100, RW wrote:
> On Sun, 24 Jun 2012 17:23:47 -0400
> Robert Simmons wrote:
>
> > On Sun, Jun 24, 2012 at 5:18 PM, Dag-Erling Smørgrav
> > wrote:
> > > Robert Simmons writes:
> > >> In light of advances in processors and GPUs, what is the potential
> > >> for duplication of RSA, DSA, and ECDSA keys at the current default
> > >> key lengths (2048, 1024, and 256 respectively)?
> > >
> > > You do know that these keys are used only for authentication, and
> > > not for encryption, right?
> >
> > Yes, the encryption key length is determined by which symmetric cipher
> > is negotiated between the client and server based on what is available
> > from the Ciphers line in sshd_config and ssh_config.
>
> I'm not very familiar with ssh, but surely they're also used for
> session-key exchange, which makes them crucial to encryption. They
> should be as secure as the strongest symmetric cipher they need to work
> with.

This should give you a good outline of it.

http://www.linuxjournal.com/article/9566

--
 - (2^(N-1))

From: Dag-Erling Smørgrav
To: RW
Cc: freebsd-security@freebsd.org
Date: Mon, 25 Jun 2012 18:09:14 +0200
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

RW writes:
> Dag-Erling Smørgrav writes:
> > You do know that these keys are used only for authentication, and
> > not for encryption, right?
> I'm not very familiar with ssh, but surely they're also used for
> session-key exchange, which makes them crucial to encryption. They
> should be as secure as the strongest symmetric cipher they need to work
> with.

No. They are used for authentication only. This is crypto 101.

Having a copy of the host key allows you to do one thing and one thing only: impersonate the server. It does not allow you to eavesdrop on an already-established connection.

If the server is set up to require key-based user authentication, an attacker would also have to obtain the user's key to mount an effective man-in-the-middle attack.

DES
--
Dag-Erling Smørgrav - des@des.no
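
The role the host key plays in the SSH key exchange (RFC 4253 section 8), which the message above describes, as an added Python sketch that is not code from this thread or from OpenSSH. All parameters are constructed toy values: a 127-bit DH group, unpadded textbook RSA host keys, and an exchange hash that omits the KEXINIT payloads; the function names are hypothetical.

```python
"""Toy model of the SSH key exchange in RFC 4253 section 8 (constructed values)."""
import hashlib
import secrets

# Toy parameters, far too small for real use: a Mersenne-prime DH group and
# textbook (unpadded) RSA host keys built from Mersenne primes.
DH_P, DH_G, RSA_E = 2**127 - 1, 3, 65537
V_C, V_S = b"SSH-2.0-toy_client", b"SSH-2.0-toy_server"


def make_host_key(p, q):
    """Textbook RSA key pair; "d" is the private exponent."""
    return {"n": p * q, "e": RSA_E, "d": pow(RSA_E, -1, (p - 1) * (q - 1))}


def public_blob(key):
    """K_S, the host public key a client pins in known_hosts."""
    return b"toy-rsa:%d:%d" % (key["e"], key["n"])


def exchange_hash(k_s, e, f, k):
    """H over V_C, V_S, K_S, e, f, K (the KEXINIT payloads I_C, I_S are omitted)."""
    h = hashlib.sha256()
    for field in (V_C, V_S, k_s, b"%d" % e, b"%d" % f, b"%d" % k):
        h.update(len(field).to_bytes(4, "big") + field)
    return int.from_bytes(h.digest(), "big")


def server_reply(signing_key, e, advertised_k_s=None):
    """Peer side: ephemeral y gives f and K; the host key is used only to sign H."""
    y = secrets.randbelow(DH_P - 3) + 2
    f, k = pow(DH_G, y, DH_P), pow(e, y, DH_P)
    k_s = advertised_k_s or public_blob(signing_key)
    h = exchange_hash(k_s, e, f, k)
    sig = pow(h % signing_key["n"], signing_key["d"], signing_key["n"])
    return k_s, f, sig, k


def client_connect(pinned_k_s, signing_key, advertised_k_s=None):
    """Client side. Returns (host_accepted, both_sides_hold_same_K)."""
    x = secrets.randbelow(DH_P - 3) + 2
    e = pow(DH_G, x, DH_P)
    k_s, f, sig, peer_k = server_reply(signing_key, e, advertised_k_s)
    k = pow(f, x, DH_P)  # K depends on the ephemeral x and y only
    _, pub_e, pub_n = pinned_k_s.split(b":")
    pub_e, pub_n = int(pub_e), int(pub_n)
    # Verify the signature over H with the pinned key, not with whatever was sent.
    signature_ok = pow(sig, pub_e, pub_n) == exchange_hash(k_s, e, f, k) % pub_n
    return (k_s == pinned_k_s and signature_ok), k == peer_k


def run_demo():
    host = make_host_key(2**61 - 1, 2**89 - 1)     # the genuine server's host key
    other = make_host_key(2**89 - 1, 2**107 - 1)   # a key generated by someone else
    pinned = public_blob(host)
    return {
        "genuine server": client_connect(pinned, host),
        "impostor, own host key": client_connect(pinned, other),
        "impostor, advertises pinned K_S": client_connect(pinned, other, pinned),
        # Same call as the genuine case: the client cannot tell the two apart.
        "holder of a copy of the host key": client_connect(pinned, host),
    }


if __name__ == "__main__":
    for scenario, (accepted, same_k) in run_demo().items():
        print(f"{scenario:35} accepted={accepted} shared_K_agrees={same_k}")
```

In every scenario both ends derive the same K from the ephemeral values; only the signature check against the pinned host key decides whether the client accepts the peer.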

Date: Mon, 25 Jun 2012 12:14:45 -0400
From: "J. Hellenthal"
To: Robert Simmons
Cc: "Bjoern A. Zeeb", freebsd-security@freebsd.org
Subject: Re: Add rc.conf variables to control host key length

On Sun, Jun 24, 2012 at 10:10:33PM -0400, Robert Simmons wrote:
> On Sun, Jun 24, 2012 at 9:46 PM, Bjoern A. Zeeb
> wrote:
> >
> > On 24. Jun 2012, at 17:14 , Robert Simmons wrote:
> >
> >> On Sun, Jun 24, 2012 at 12:34 PM, Bjoern A. Zeeb
> >> wrote:
> >>> On 24. Jun 2012, at 16:07 , Robert Simmons wrote:
> >>>> Here is a set of patches that add functionality to rc.conf allowing
> >>>> users an easy way to control the length of the host keys used with ssh
> >>>> (specifically RSA and ECDSA used with protocol version 2).
> >>>
> >>> Created for, not used with -- right?
> >>
> >> Yes, created for. I have updated the patch to reflect this and
> >> attached the new patch. Good eye, thanks.
> >>
> >>> The used with is controlled in sshd_config and if the key is not there
> >>> but it's enabled in sshd_config you'll get a warning on boot which is
> >>> very annoying.
> >>
> >> No. Actually, "used with" is not controlled in sshd_config. Only the
> >> path to the key files is controlled by that config.
> >> The sshd_flags variable in rc.conf is what controls "used with". For
> >> example, on my installs, I only want to use the ECDSA key and not
> >> present any other protocol v2 keys to clients, thereby restricting it
> >> to ECDSA. The only way to go about this is to set the following:
> >> sshd_flags="-h /etc/ssh/ssh_host_ecdsa_key"
> >> Take a look at sshd(8), specifically the -h option for clarification.
> >
> > Aha, multiple options to accomplish the same thing.
> >
> > HostKey /etc/ssh/ssh_host_ecdsa_key
> >
> > in sshd_config should accomplish the same, shouldn't it? I'd really
> > prefer that to a command line option.
>
> And vice versa. Let's say you only uncomment the line for RSA keys in
> sshd_config. Your server will still present the ECDSA key to clients
> that understand it.

Try:
HostKey /usr/local/etc/ssh/ssh_host_rsa_key
HostKey /dev/null
HostKey none

--
 - (2^(N-1))

Date: Mon, 25 Jun 2012 10:31:38 -0700
From: Xin Li
To: Dag-Erling Smorgrav, "freebsd-security@freebsd.org"
Cc: d@delphij.net
Subject: [PATCH] Make ssh-keyscan to fetch ECDSA keys by default

Hi, Dag-Erling,

Here is a patch from OpenBSD which makes ssh-keyscan to fetch ECDSA keys by default, to match the default hostkey algorithm.

Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die

Content-Disposition: attachment; filename="ssh-keyscan.diff"

Index: crypto/openssh/ssh-keyscan.c =================================================================== --- crypto/openssh/ssh-keyscan.c (revision 237520) +++ crypto/openssh/ssh-keyscan.c (working copy) 
@@ -57,7 +57,7 @@ int ssh_port = SSH_DEFAULT_PORT; #define KT_RSA 4 #define KT_ECDSA 8 -int get_keytypes = KT_RSA; /* Get only RSA keys by default */ +int get_keytypes = KT_RSA|KT_ECDSA;/* Get RSA and ECDSA keys by default */ int hash_hosts = 0; /* Hash hostname on output */
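
Review bot: On the added `int get_keytypes = KT_RSA|KT_ECDSA;` line, the default scan now returns two key types per host instead of one, which callers that parse the default output as one RSA line per host will not expect; the commit message should call this out, and such callers should select the type explicitly with -t. The diff touches only ssh-keyscan.c, so any place in ssh-keyscan(1) that states the default key type needs the same update in this change. Style nit on the same line: the comment now abuts the semicolon (`;/*`), where the line it replaces had whitespace before the comment.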

From: Dag-Erling Smørgrav
To: d@delphij.net
Cc: "freebsd-security@freebsd.org"
Date: Mon, 25 Jun 2012 19:46:06 +0200
Subject: Re: [PATCH] Make ssh-keyscan to fetch ECDSA keys by default

Xin Li writes:
> Here is a patch from OpenBSD which makes ssh-keyscan to fetch ECDSA
> keys by default, to match the default hostkey algorithm.

Please commit to head with MFC after: 1 week.

DES
--
Dag-Erling Smørgrav - des@des.no

Date: Mon, 25 Jun 2012 12:07:04 -0700
From: Xin Li
To: Dag-Erling Smørgrav
Cc: "freebsd-security@freebsd.org", d@delphij.net
Subject: Re: [PATCH] Make ssh-keyscan to fetch ECDSA keys by default

The proposed change has been committed as r237567 (for vendor branch) and r237568 (merged to -HEAD with 1 week settle). Thanks!

Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die

From: Dag-Erling Smørgrav
To: d@delphij.net
Cc: "freebsd-security@freebsd.org"
Date: Mon, 25 Jun 2012 21:35:57 +0200
Subject: Re: [PATCH] Make ssh-keyscan to fetch ECDSA keys by default

Xin Li writes:
> The proposed change has been committed as r237567 (for vendor branch)
> and r237568 (merged to -HEAD with 1 week settle). Thanks!

Looks great, thanks

DES
--
Dag-Erling Smørgrav - des@des.no

Date: Mon, 25 Jun 2012 22:38:07 +0100
From: RW
To: freebsd-security@freebsd.org
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On Mon, 25 Jun 2012 18:09:14 +0200
Dag-Erling Smørgrav wrote:

> RW writes:
> > Dag-Erling Smørgrav writes:
> > > You do know that these keys are used only for authentication, and
> > > not for encryption, right?
> > I'm not very familiar with ssh, but surely they're also used for
> > session-key exchange, which makes them crucial to encryption. They
> > should be as secure as the strongest symmetric cipher they need to
> > work with.
>
> No. They are used for authentication only. This is crypto 101.

It also generates a shared secret for key exchange, which is pretty much what I said.

> Having a copy of the host key allows you to do one thing and one thing
> only: impersonate the server. It does not allow you to eavesdrop on
> an already-established connection.

It enables you to eavesdrop on new connections, and eavesdroppers are often in a position to force reconnection on old ones.

> If the server is set up to require key-based user authentication, an
> attacker would also have to obtain the user's key to mount an
> effective man-in-the-middle attack.

If an attacker is only interested in a specific client, it may not be any harder to break the second public key, than the first one.

Date: Mon, 25 Jun 2012 14:59:05 -0700
From: Doug Barton
To: RW
Cc: freebsd-security@freebsd.org
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On 06/25/2012 02:38 PM, RW wrote:
> On Mon, 25 Jun 2012 18:09:14 +0200
> Dag-Erling Smørgrav wrote:
>
>> RW writes:
>>> Dag-Erling Smørgrav writes:
>>>> You do know that these keys are used only for authentication, and
>>>> not for encryption, right?
>>> I'm not very familiar with ssh, but surely they're also used for
>>> session-key exchange, which makes them crucial to encryption. They
>>> should be as secure as the strongest symmetric cipher they need to
>>> work with.
>>
>> No. They are used for authentication only. This is crypto 101.
>
> It also generates a shared secret for key exchange, which is pretty
> much what I said.

It's one of the elements included, yes. But having the host's secret key is not going to allow you to do anything other than impersonate the host. See https://tools.ietf.org/html/rfc4253#section-7

>> Having a copy of the host key allows you to do one thing and one thing
>> only: impersonate the server. It does not allow you to eavesdrop on
>> an already-established connection.
>
> It enables you to eavesdrop on new connections,

Can you describe the mechanism used to do this?

> and eavesdroppers
> are often in a position to force reconnection on old ones.

If you can get on the network link between the client and the host, yes, you can force an existing connection to drop. But that doesn't require the host's secret key.

>> If the server is set up to require key-based user authentication, an
>> attacker would also have to obtain the user's key to mount an
>> effective man-in-the-middle attack.
>
> If an attacker is only interested in a specific client, it may not be
> any harder to break the second public key, than the first one.

Well that's just plain nonsense. The moon "may" be made of green cheese. :) But there are so many holes in that statement in regards to the original proposition that it's hardly worth the electrons it's printed on.

Date: Mon, 25 Jun 2012 23:53:10 +0100
From: RW
To: freebsd-security@freebsd.org
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On Mon, 25 Jun 2012 14:59:05 -0700
Doug Barton wrote:

> >> Having a copy of the host key allows you to do one thing and one
> >> thing only: impersonate the server. It does not allow you to
> >> eavesdrop on an already-established connection.
> >
> > It enables you to eavesdrop on new connections,
>
> Can you describe the mechanism used to do this?

Through a MITM attack if nothing else

> > and eavesdroppers
> > are often in a position to force reconnection on old ones.
>
> If you can get on the network link between the client and the host,
> yes, you can force an existing connection to drop. But that doesn't
> require the host's secret key.

I didn't say it did, I was referring to the statement: "It does not allow you to eavesdrop on an already-established connection."

> >> If the server is set up to require key-based user authentication,
> >> an attacker would also have to obtain the user's key to mount an
> >> effective man-in-the-middle attack.
> >
> > If an attacker is only interested in a specific client, it may not
> > be any harder to break the second public key, than the first one.
>
> Well that's just plain nonsense. The moon "may" be made of green
> cheese.

It depends on the nature of the attack, but the possibility that two arbitrary keys are of similar strength under a specific attack is not on a par with the moon being made of cheese.

Date: Mon, 25 Jun 2012 16:45:24 -0700
From: Doug Barton
To: RW
Cc: freebsd-security@freebsd.org
In-Reply-To: <20120625235310.3eed966e@gumby.homeunix.com>
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On 06/25/2012 15:53, RW wrote:
> On Mon, 25 Jun 2012 14:59:05 -0700
> Doug Barton wrote:
>
>>>> Having a copy of the host key allows you to do one thing and one
>>>> thing only: impersonate the server. It does not allow you to
>>>> eavesdrop on an already-established connection.
>>>
>>> It enables you to eavesdrop on new connections,
>>
>> Can you describe the mechanism used to do this?
>
> Through a MITM attack if nothing else

Sorry, I wasn't clear. Please describe, in precise, reproducible
terms, how one would accomplish this. Or, link to known script-kiddie
resources ... whatever. My point being, I'm pretty confident that
what you're asserting isn't true. But if I'm wrong, I'd like to learn
why.

>>> and eavesdroppers
>>> are often in a position to force reconnection on old ones.
>>
>> If you can get on the network link between the client and the host,
>> yes, you can force an existing connection to drop. But that doesn't
>> require the host's secret key.
>
> I didn't say it did, I was referring to the statement: "It does not
> allow you to eavesdrop on an already-established connection."

So, correct, but irrelevant.

>>>> If the server is set up to require key-based user authentication,
>>>> an attacker would also have to obtain the user's key to mount an
>>>> effective man-in-the-middle attack.
>>>
>>> If an attacker is only interested in a specific client, it may not
>>> be any harder to break the second public key, than the first one.
>>
>> Well that's just plain nonsense. The moon "may" be made of green
>> cheese.
>
> It depends on the nature of the attack, but the possibility that two
> arbitrary keys are of similar strength under a specific attack is not
> on a par with the moon being made of cheese.

Again, correct, but irrelevant.

Doug

--
    This .signature sanitized for your protection

From owner-freebsd-security@FreeBSD.ORG Tue Jun 26 00:53:29 2012
Date: Tue, 26 Jun 2012 01:53:23 +0100
From: RW
To: freebsd-security@freebsd.org
Message-ID: <20120626015323.02b7f348@gumby.homeunix.com>
In-Reply-To: <4FE8F814.5020906@FreeBSD.org>
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On Mon, 25 Jun 2012 16:45:24 -0700
Doug Barton wrote:

> On 06/25/2012 15:53, RW wrote:
> > On Mon, 25 Jun 2012 14:59:05 -0700
> > Doug Barton wrote:
> >
> >>>> Having a copy of the host key allows you to do one thing and one
> >>>> thing only: impersonate the server. It does not allow you to
> >>>> eavesdrop on an already-established connection.
> >>>
> >>> It enables you to eavesdrop on new connections,
> >>
> >> Can you describe the mechanism used to do this?
> >
> > Through a MITM attack if nothing else
>
> Sorry, I wasn't clear. Please describe, in precise, reproducible
> terms, how one would accomplish this. Or, link to known script-kiddie
> resources ... whatever. My point being, I'm pretty confident that
> what you're asserting isn't true. But if I'm wrong, I'd like to learn
> why.

Servers don't always require client keys for authentication. If they
don't then a MITM attack only needs the server's key.

From owner-freebsd-security@FreeBSD.ORG Tue Jun 26 01:01:30 2012
Message-ID: <4FE9094A.4080605@FreeBSD.org>
Date: Mon, 25 Jun 2012 17:58:50 -0700
From: Doug Barton
To: RW
Cc: freebsd-security@freebsd.org
In-Reply-To: <20120626015323.02b7f348@gumby.homeunix.com>
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On 06/25/2012 17:53, RW wrote:
> On Mon, 25 Jun 2012 16:45:24 -0700
> Doug Barton wrote:
>
>> On 06/25/2012 15:53, RW wrote:
>>> On Mon, 25 Jun 2012 14:59:05 -0700
>>> Doug Barton wrote:
>>>
>>>>>> Having a copy of the host key allows you to do one thing and one
>>>>>> thing only: impersonate the server. It does not allow you to
>>>>>> eavesdrop on an already-established connection.
>>>>>
>>>>> It enables you to eavesdrop on new connections,
>>>>
>>>> Can you describe the mechanism used to do this?
>>>
>>> Through a MITM attack if nothing else
>>
>> Sorry, I wasn't clear. Please describe, in precise, reproducible
>> terms, how one would accomplish this. Or, link to known script-kiddie
>> resources ... whatever. My point being, I'm pretty confident that
>> what you're asserting isn't true. But if I'm wrong, I'd like to learn
>> why.
>
> Servers don't always require client keys for authentication. If they
> don't then a MITM attack only needs the server's key.

Once again, please describe *how* the MITM is accomplished. If you
can't, then please stop posting on this topic.

My point is that the ssh protocol is designed specifically to prevent
what you're describing.

Doug

--
    This .signature sanitized for your protection

From owner-freebsd-security@FreeBSD.ORG Tue Jun 26 01:46:31 2012
Date: Tue, 26 Jun 2012 02:46:24 +0100
From: RW
To: freebsd-security@freebsd.org
Message-ID: <20120626024624.4c333bd2@gumby.homeunix.com>
In-Reply-To: <4FE9094A.4080605@FreeBSD.org>
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On Mon, 25 Jun 2012 17:58:50 -0700
Doug Barton wrote:

> On 06/25/2012 17:53, RW wrote:
> > On Mon, 25 Jun 2012 16:45:24 -0700
> > Doug Barton wrote:
> >
> >> On 06/25/2012 15:53, RW wrote:
> >>> On Mon, 25 Jun 2012 14:59:05 -0700
> >>> Doug Barton wrote:
> >>>
> >>>>>> Having a copy of the host key allows you to do one thing and
> >>>>>> one thing only: impersonate the server. It does not allow you
> >>>>>> to eavesdrop on an already-established connection.
> >>>>>
> >>>>> It enables you to eavesdrop on new connections,
> >>>>
> >>>> Can you describe the mechanism used to do this?
> >>>
> >>> Through a MITM attack if nothing else
> >>
> >> Sorry, I wasn't clear. Please describe, in precise, reproducible
> >> terms, how one would accomplish this. Or, link to known
> >> script-kiddie resources ... whatever. My point being, I'm pretty
> >> confident that what you're asserting isn't true. But if I'm wrong,
> >> I'd like to learn why.
> >
> > Servers don't always require client keys for authentication. If they
> > don't then a MITM attack only needs the server's key.
>
> Once again, please describe *how* the MITM is accomplished. If you
> can't, then please stop posting on this topic.
>
> My point is that the ssh protocol is designed specifically to prevent
> what you're describing.

If you've obtained the server's private key by breaking the public
key you can accept connections from clients just as if you are the
real server. If the server doesn't store client keys then there's
nothing to stop you establishing a separate connection with any client
side key and performing a MITM attack.

From owner-freebsd-security@FreeBSD.ORG Tue Jun 26 01:55:55 2012
Message-ID: <4FE916AA.6050503@FreeBSD.org>
Date: Mon, 25 Jun 2012 18:55:54 -0700
From: Doug Barton
To: RW
Cc: freebsd-security@freebsd.org
In-Reply-To: <20120626024624.4c333bd2@gumby.homeunix.com>
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On 06/25/2012 18:46, RW wrote:
> On Mon, 25 Jun 2012 17:58:50 -0700
> Doug Barton wrote:
>
>> On 06/25/2012 17:53, RW wrote:
>>> On Mon, 25 Jun 2012 16:45:24 -0700
>>> Doug Barton wrote:
>>>
>>>> On 06/25/2012 15:53, RW wrote:
>>>>> On Mon, 25 Jun 2012 14:59:05 -0700
>>>>> Doug Barton wrote:
>>>>>
>>>>>>>> Having a copy of the host key allows you to do one thing and
>>>>>>>> one thing only: impersonate the server. It does not allow you
>>>>>>>> to eavesdrop on an already-established connection.
>>>>>>>
>>>>>>> It enables you to eavesdrop on new connections,
>>>>>>
>>>>>> Can you describe the mechanism used to do this?
>>>>>
>>>>> Through a MITM attack if nothing else
>>>>
>>>> Sorry, I wasn't clear. Please describe, in precise, reproducible
>>>> terms, how one would accomplish this. Or, link to known
>>>> script-kiddie resources ... whatever. My point being, I'm pretty
>>>> confident that what you're asserting isn't true. But if I'm wrong,
>>>> I'd like to learn why.
>>>
>>> Servers don't always require client keys for authentication. If they
>>> don't then a MITM attack only needs the server's key.
>>
>> Once again, please describe *how* the MITM is accomplished. If you
>> can't, then please stop posting on this topic.
>>
>> My point is that the ssh protocol is designed specifically to prevent
>> what you're describing.
>
> If you've obtained the server's private key by breaking the public
> key you can accept connections from clients just as if you are the
> real server.

Right. That's what Dag-Erling and I have been saying all along. If you
have the private host key you can impersonate the server. That's not a
MITM attack. That's impersonating the server.

> If the server doesn't store client keys then there's
> nothing to stop you establishing a separate connection with any client
> side key and performing a MITM attack.

Last chance ... how, precisely, do you claim to be able to do this?

--
    This .signature sanitized for your protection

From owner-freebsd-security@FreeBSD.ORG Tue Jun 26 02:13:02 2012
Message-ID: <20457.6828.250844.390589@hergotha.csail.mit.edu>
Date: Mon, 25 Jun 2012 22:13:00 -0400
From: Garrett Wollman
To: Doug Barton
Cc: freebsd-security@freebsd.org
In-Reply-To: <4FE916AA.6050503@FreeBSD.org>
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

< said:

> Right. That's what Dag-Erling and I have been saying all along. If you
> have the private host key you can impersonate the server. That's not a
> MITM attack. That's impersonating the server.

If you can impersonate an ssh server, you can also do MitM, if the
client isn't using an authentication mechanism that is securely tied
to the ephemeral DH key protecting the session. Not clear that this
makes any difference in practice.

-GAWollman

From owner-freebsd-security@FreeBSD.ORG Tue Jun 26 02:20:36 2012
Message-ID: <4FE91C73.8040500@FreeBSD.org>
Date: Mon, 25 Jun 2012 19:20:35 -0700
From: Doug Barton
To: Garrett Wollman
Cc: freebsd-security@freebsd.org
In-Reply-To: <20457.6828.250844.390589@hergotha.csail.mit.edu>
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On 06/25/2012 19:13, Garrett Wollman wrote:
> < said:
>
>> Right. That's what Dag-Erling and I have been saying all along. If you
>> have the private host key you can impersonate the server. That's not a
>> MITM attack. That's impersonating the server.
>
> If you can impersonate an ssh server, you can also do MitM, if the
> client isn't using an authentication mechanism that is securely tied
> to the ephemeral DH key protecting the session. Not clear that this
> makes any difference in practice.

If you're impersonating the server you already have the traffic,
whatever else you can do for *that session* is an implementation detail.

For the zillionth time, my point is that being able to impersonate the
server is not going to get you anywhere for sessions *other* than the
ones that terminate at your fake-but-has-the-private-key host. If anyone
believes otherwise, please post how it can be done, in detail. Otherwise
please let this thread die.

Doug

--
    This .signature sanitized for your protection

From owner-freebsd-security@FreeBSD.ORG Tue Jun 26 02:56:14 2012
Date: Tue, 26 Jun 2012 03:56:09 +0100
From: RW
To: freebsd-security@freebsd.org
Message-ID: <20120626035609.0d0f061b@gumby.homeunix.com>
In-Reply-To: <4FE916AA.6050503@FreeBSD.org>
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On Mon, 25 Jun 2012 18:55:54 -0700
Doug Barton wrote:

> >> My point is that the ssh protocol is designed specifically to
> >> prevent what you're describing.
> >
> > If you've obtained the server's private key by breaking the public
> > key you can accept connections from clients just as if you are
> > the real server.
>
> Right. That's what Dag-Erling and I have been saying all along. If you
> have the private host key you can impersonate the server. That's not a
> MITM attack. That's impersonating the server.

If only the server is authenticated, then impersonating the
server is the only impediment to a MITM attack (aside from
intercepting the network traffic). If the server has client keys then
obviously it won't work.

> > If the server doesn't store client keys then there's
> > nothing to stop you establishing a separate connection with any
> > client side key and performing a MITM attack.
>
> Last chance ... how, precisely, do you claim to be able to do this?

What's to stop you doing it where there's no authentication of clients?
All the attacker needs to do is establish an ssh connection to the
server and relay what he's getting from the original client. The
situation is analogous to performing a MITM attack against a website
where the ssl keys have been stolen by the attacker.

From owner-freebsd-security@FreeBSD.ORG Tue Jun 26 03:14:48 2012
Date: Tue, 26 Jun 2012 04:14:40 +0100
From: RW
To: freebsd-security@freebsd.org
Message-ID: <20120626041440.7ac5a517@gumby.homeunix.com>
In-Reply-To: <4FE91C73.8040500@FreeBSD.org>
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On Mon, 25 Jun 2012 19:20:35 -0700
Doug Barton wrote:

> For the zillionth time, my point is that being able to impersonate the
> server is not going to get you anywhere for sessions *other* than the
> ones that terminate at your fake-but-has-the-private-key host.

It's actually the first time that anyone has mentioned other sessions,
not the zillionth.

From owner-freebsd-security@FreeBSD.ORG Tue Jun 26 03:47:31 2012
Date: Mon, 25 Jun 2012 23:47:27 -0400
From: "J. Hellenthal" To: RW Message-ID: <20120626034727.GA56503@DataIX.net> References: <86pq8nxtjp.fsf@ds4.des.no> <20120625223807.4dbeb91d@gumby.homeunix.com> <4FE8DF29.50406@FreeBSD.org> <20120625235310.3eed966e@gumby.homeunix.com> <4FE8F814.5020906@FreeBSD.org> <20120626015323.02b7f348@gumby.homeunix.com> <4FE9094A.4080605@FreeBSD.org> <20120626024624.4c333bd2@gumby.homeunix.com> <4FE916AA.6050503@FreeBSD.org> <20120626035609.0d0f061b@gumby.homeunix.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20120626035609.0d0f061b@gumby.homeunix.com> X-Gm-Message-State: ALoCoQkI1CSPJYvPpCzooTJkyB45CEeyMqGFLD8xMU85BohrvC1uioRYIj6KPuq5B2PR5Pm0pxHl Cc: freebsd-security@freebsd.org Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables... X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Jun 2012 03:47:31 -0000 On Tue, Jun 26, 2012 at 03:56:09AM +0100, RW wrote: > On Mon, 25 Jun 2012 18:55:54 -0700 > Doug Barton wrote: > > > > >> My point is that the ssh protocol is designed specifically to > > >> prevent what you're describing. > > > > > > If you've obtained the server's private key by breaking the public > > > key you can accept connections from clients just as if you are are > > > the real server. > > > > Right. That's what Dag-Erling and I have been saying all along. If you > > have the private host key you can impersonate the server. That's not a > > MITM attack. That's impersonating the server. > > If only the server is authenticated, then impersonating the > server is the only impediment to a MITM attack (aside from > intercepting the netwok traffic). If the server has client keys then > obviously it wont work. 
> > > > If the server doesn't store client keys then there's > > > nothing to stop you establishing a separate connection with any > > > client side key and performing a MITM attack. > > > > Last chance ... how, precisely, do you claim to be able to do this? > > What's to stop you doing it where there's no authentication of clients? > All the attacker needs to do is establish an ssh connection to the > server and relay what he's getting from the original client. The > situation is analogous to performing a MITM attack against a website > where the ssl keys have been stolen by the attacker. Client -> FakeSSHD -> RealHOST If FakeSSHD has RealHOST's ssh_host_*_key's then they are able to impersonate RealHOST and prompt for a password that no matter wether it is correct will just silently drop all further traffic and relay to the RealHOST in which they never realize the difference while the operator of FakeSSHD now has a password for RealHOST from the user. The user would not be the wiser to just think there is something wrong in their environment or the servers environment and will be left clueless. Still have yet to hear of something like this happening but its real enough considering some of the exploits out there. But this is all way to far beyond what this thread is supposed to be about and beyond the scope of FreeBSD entirely so lets just let it drop or pick it up on FD. 
--
 - (2^(N-1))

From owner-freebsd-security@FreeBSD.ORG Tue Jun 26 03:50:24 2012
Date: Mon, 25 Jun 2012 23:50:20 -0400
From: "J. Hellenthal"
To: d@delphij.net
Cc: Dag-Erling Smørgrav, "freebsd-security@freebsd.org"
Message-ID: <20120626035020.GB56503@DataIX.net>
In-Reply-To: <4FE8B6D8.6000105@delphij.net>
Subject: Re: [PATCH] Make ssh-keyscan to fetch ECDSA keys by default

Thanks Xin Li.

sunpoet, I don't suppose you could port this into
security/openssh-portable ? could you ?

On Mon, Jun 25, 2012 at 12:07:04PM -0700, Xin Li wrote:
> The proposed change have been committed as r237567 (for vendor branch)
> and r237568 (merged to -HEAD with 1 week settle). Thanks!
>
> Cheers,
> --
> Xin LI https://www.delphij.net/
> FreeBSD - The Power to Serve! Live free or die
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

--
 - (2^(N-1))

From owner-freebsd-security@FreeBSD.ORG Tue Jun 26 11:01:13 2012
From: Dag-Erling Smørgrav
To: RW
Cc: freebsd-security@freebsd.org
Date: Tue, 26 Jun 2012 13:01:12 +0200
Message-ID: <86sjdiwd53.fsf@ds4.des.no>
In-Reply-To: <20120625223807.4dbeb91d@gumby.homeunix.com> (RW's message of "Mon, 25 Jun 2012 22:38:07 +0100")
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

RW writes:
> Dag-Erling Smørgrav writes:
> > [host keys] are used for authentication only. This is crypto 101.
> It also generates a shared secret for key exchange, which is pretty
> much what I said.

No. It is used to *sign* the key exchange, in order to authenticate the
server. It is not used to *generate* the key. You need to read up on
Diffie Hellman and the SSH transport layer (RFC 4253). The only way to
intercept the key is a man-in-the-middle attack (negotiate a KEX with
the client, sign it with the stolen host key, and negotiate a KEX with
the server, pretending to be the client).

> > Having a copy of the host key allows you to do one thing and one thing
> > only: impersonate the server. It does not allow you to eavesdrop on
> > an already-established connection.
> It enables you to eavesdrop on new connections, and eavesdroppers
> are often in a position to force reconnection on old ones.

No.

DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@FreeBSD.ORG Tue Jun 26 07:24:42 2012
Message-ID: <4FE96172.6090109@brodnik.org>
Date: Tue, 26 Jun 2012 09:14:58 +0200
From: "Andrej (Andy) Brodnik"
To: freebsd-security@freebsd.org
In-Reply-To: <20120626034727.GA56503@DataIX.net>
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On 6/26/12 5:47 AM, J. Hellenthal wrote:
>
> On Tue, Jun 26, 2012 at 03:56:09AM +0100, RW wrote:
>> On Mon, 25 Jun 2012 18:55:54 -0700
>> Doug Barton wrote:
>>
>>
>>>>> My point is that the ssh protocol is designed specifically to
>>>>> prevent what you're describing.
>>>> If you've obtained the server's private key by breaking the public
>>>> key you can accept connections from clients just as if you are
>>>> the real server.
>>> Right. That's what Dag-Erling and I have been saying all along. If you
>>> have the private host key you can impersonate the server. That's not a
>>> MITM attack. That's impersonating the server.
>> If only the server is authenticated, then impersonating the
>> server is the only impediment to a MITM attack (aside from
>> intercepting the network traffic). If the server has client keys then
>> obviously it won't work.
>>
>>>> If the server doesn't store client keys then there's
>>>> nothing to stop you establishing a separate connection with any
>>>> client side key and performing a MITM attack.
>>> Last chance ... how, precisely, do you claim to be able to do this?
>> What's to stop you doing it where there's no authentication of clients?
>> All the attacker needs to do is establish an ssh connection to the
>> server and relay what he's getting from the original client. The
>> situation is analogous to performing a MITM attack against a website
>> where the ssl keys have been stolen by the attacker.
> Client -> FakeSSHD -> RealHOST
>
> If FakeSSHD has RealHOST's ssh_host_*_key's then they are able to
> impersonate RealHOST and prompt for a password that no matter whether it
> is correct will just silently drop all further traffic and relay to the
> RealHOST in which they never realize the difference while the operator
> of FakeSSHD now has a password for RealHOST from the user. The user
> would not be the wiser to just think there is something wrong in their
> environment or the server's environment and will be left clueless.
>
> Still have yet to hear of something like this happening but it's real
> enough considering some of the exploits out there.
>
> But this is all way too far beyond what this thread is supposed to be
> about and beyond the scope of FreeBSD entirely so let's just let it drop
> or pick it up on FD.

However, in the above scenario, the RealHOST will answer using Client's
public key which FakeSSHD will not be able to understand without having
Client's private key.

LPA (== {Lep pozdrav!
Andrej}_{Slovene} == {Best Regards, Andrej})

From owner-freebsd-security@FreeBSD.ORG Tue Jun 26 14:13:06 2012
To: freebsd-security@freebsd.org
Date: Tue, 26 Jun 2012 09:12:57 -0500
From: Mark Felder
In-Reply-To: <20120626034727.GA56503@DataIX.net>
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

On Mon, 25 Jun 2012 22:47:27 -0500, J. Hellenthal wrote:

>
> Still have yet to hear of something like this happening but it's real
> enough considering some of the exploits out there.
>

Cisco Ironport devices do MITM for SSL and SSH. Clearly someone wrote
enough of the code that this is feasible. It doesn't steal your passwords
though, just sniffs your unencrypted session traffic to "protect company
IP from being leaked". And yes, you'll get an error that the host key has
changed but it wouldn't be hard to put in the destination key if you had
it.
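
Added example, not part of any post in this thread: a small model of the point argued above, that the SSH host key only signs the key exchange while Diffie-Hellman generates the session secret, and of the "host key has changed" check mentioned in the message above. The toy group, the Schnorr-style signature and the simplified exchange hash are assumptions chosen so the sketch runs with the Python standard library; they are not what OpenSSH uses.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only (far too small for real use).
P = 2**127 - 1   # a Mersenne prime
G = 3

def keypair():
    """Return (private, public) with public = G^private mod P."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def _h(*ints):
    data = b"|".join(str(i).encode() for i in ints)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, msg):
    # Schnorr-style signature: an assumption standing in for the RSA/DSA/ECDSA
    # host key signature; only "sign with private, verify with public" matters.
    k = secrets.randbelow(P - 3) + 2
    r = pow(G, k, P)
    return r, (k + _h(r, msg) * priv) % (P - 1)

def verify(pub, msg, sig):
    r, s = sig
    return pow(G, s, P) == (r * pow(pub, _h(r, msg), P)) % P

def exchange_hash(host_pub, e, f, k):
    # Simplified stand-in for the RFC 4253 exchange hash, which covers the host
    # key, both ephemeral DH values and the shared secret (among other fields).
    return _h(host_pub, e, f, k)

def server_kex(host_priv, host_pub, e):
    """Server: fresh ephemeral DH value per session; the host key only signs."""
    y, f = keypair()
    k = pow(e, y, P)
    return (host_pub, f, sign(host_priv, exchange_hash(host_pub, e, f, k))), k

def client_kex(known_host_pub, x, e, reply):
    """Client: pin the host key, derive K from DH, verify the signature."""
    host_pub, f, sig = reply
    if host_pub != known_host_pub:
        raise ValueError("host key has changed")
    k = pow(f, x, P)
    if not verify(host_pub, exchange_hash(host_pub, e, f, k), sig):
        raise ValueError("bad signature on key exchange")
    return k

def rejected(known_host_pub, x, e, reply):
    try:
        client_kex(known_host_pub, x, e, reply)
    except ValueError:
        return True
    return False

def demo():
    host_priv, host_pub = keypair()      # long-term host key pair
    other_priv, other_pub = keypair()    # key of some other responder
    session_keys = []
    for _ in range(2):                   # two sessions, same host key
        x, e = keypair()                 # client's ephemeral DH value
        reply, k_server = server_kex(host_priv, host_pub, e)
        k_client = client_kex(host_pub, x, e, reply)
        session_keys.append((k_client, k_server))
    x, e = keypair()
    return {
        "both_sides_agree": all(c == s for c, s in session_keys),
        # K comes from the ephemeral values, so it is new for every session
        # and is not a function of the host key.
        "session_keys_differ": session_keys[0][0] != session_keys[1][0],
        # A responder presenting its own key trips the pinned-key check.
        "unknown_key_rejected": rejected(host_pub, x, e, server_kex(other_priv, other_pub, e)[0]),
        # Presenting the right public key without its private half fails too.
        "forged_signature_rejected": rejected(host_pub, x, e, server_kex(other_priv, host_pub, e)[0]),
    }

if __name__ == "__main__":
    print(demo())
```

Both client checks pass for any responder that holds `host_priv`, so what they actually protect is bounded by how well the private host key file is guarded.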

From owner-freebsd-security@FreeBSD.ORG Tue Jun 26 22:17:05 2012
Date: Wed, 27 Jun 2012 00:17:01 +0200
From: trap9 trap9
To: freebsd-security@freebsd.org
Subject: BSD TelnetD Exploit on one of my servers

This is what I find on one of my servers:
It appears to be a telnet exploit code for CVE-2011-4862.

http://www.4shared.com/zip/mgSStKnU/wolverine-final.html

Richard

From owner-freebsd-security@FreeBSD.ORG Wed Jun 27 01:51:36 2012
Date: Tue, 26 Jun 2012 21:51:30 -0400
From: Jason Hellenthal
To: trap9 trap9
Cc: freebsd-security@freebsd.org
Message-ID: <20120627015130.GA10619@DataIX.net>
Subject: Re: BSD TelnetD Exploit on one of my servers

How about some sort of indication of what you are running... uname -a ?

On Wed, Jun 27, 2012 at 12:17:01AM +0200, trap9 trap9 wrote:
> This is what I find on one of my servers:
> It appears to be a telnet exploit code for CVE-2011-4862.
>
> http://www.4shared.com/zip/mgSStKnU/wolverine-final.html
>
> Richard

--
 - (2^(N-1))