From owner-freebsd-security@FreeBSD.ORG Sun Jun 24 18:52:22 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 32745106564A for ; Sun, 24 Jun 2012 18:52:22 +0000 (UTC) (envelope-from jhellenthal@dataix.net) Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id D13EE8FC19 for ; Sun, 24 Jun 2012 18:52:21 +0000 (UTC) Received: by obbun3 with SMTP id un3so6736296obb.13 for ; Sun, 24 Jun 2012 11:52:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dataix.net; s=rsa; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to; bh=juGQoVHsrrtyIc/6K4PG9Ok2vLhKKwRLFi41aogCcs0=; b=AM2eTZ4FrMtUIELNvXy7gFsNNULMHK7NtCSz9Xb3kHhrcMQUxHUXdsrEGUerC+6WKb U0Yjo+/B0Gw5atJMKtb8B8XeLswTsVKbqXfIxkpa0O5YCOfRUa7GdTwMH6Tin3ZjQbt/ kcXy8NwKJuicqhah3RgncuXXRpt2K9aS7g0K8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:x-gm-message-state; bh=juGQoVHsrrtyIc/6K4PG9Ok2vLhKKwRLFi41aogCcs0=; b=RW2Wyt3ZH8R77iBai4m3ytDU5HrBSGSxFffbClimUdO1TwQ4UL0jNW1jt/htcpUET2 N1oxiygKrbEDDoafdSLuoyCIdSVgBoLyWqCil4o5/fyBC3FZi1SjGO0Nw7cAAKE+AzNT F/okjzioiojp1PD83L+ncuzHI7BW26UmbDhDz7+UntfpU0anQljTBI6xD8w5/k2nzGvf KMh55ZmrUoqJAdS3kYonz3HdPUQai098i3jNG4V5j1L3q1q7HmIKhGlZvhHiy8hFM+PD ZHnnPbOlJTBfwGM1TI/aLduik7b40gcbsxaWSRUBLBRgJhKPjPPWrCDebW0TcxN8Cnjc VVjQ== Received: by 10.50.170.69 with SMTP id ak5mr6361179igc.47.1340563941332; Sun, 24 Jun 2012 11:52:21 -0700 (PDT) Received: from DataIX.net (75-128-120-86.dhcp.aldl.mi.charter.com. [75.128.120.86]) by mx.google.com with ESMTPS id nh8sm7998056igc.1.2012.06.24.11.52.20 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 24 Jun 2012 11:52:20 -0700 (PDT) Received: from DataIX.net (localhost [127.0.0.1]) by DataIX.net (8.14.5/8.14.5) with ESMTP id q5OIqH4c015492 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 24 Jun 2012 14:52:18 -0400 (EDT) (envelope-from jhellenthal@DataIX.net) Received: (from jh@localhost) by DataIX.net (8.14.5/8.14.5/Submit) id q5OIqHs6015491; Sun, 24 Jun 2012 14:52:17 -0400 (EDT) (envelope-from jhellenthal@DataIX.net) Date: Sun, 24 Jun 2012 14:52:17 -0400 From: "J. Hellenthal" To: Robert Simmons Message-ID: <20120624185217.GA11320@DataIX.net> References: <4828EFCC-E60A-4961-9228-4A1ADAD28F73@lists.zabbadoz.net> <20120624165920.GA85913@DataIX.net> <20120624181543.GA3652@DataIX.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="YiEDa0DAkWCtVeE4" Content-Disposition: inline In-Reply-To: X-Gm-Message-State: ALoCoQnCa43D8TFQdISlNXLT2LxTo6qDlms3Jw6y5XCeXG+gCYcuJSwWu7M6BOt8Dqdp9Aifs8qc Cc: freebsd-security@freebsd.org Subject: Re: Add rc.conf variables to control host key length X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Jun 2012 18:52:22 -0000 --YiEDa0DAkWCtVeE4 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jun 24, 2012 at 02:26:02PM -0400, Robert Simmons wrote: > On Sun, Jun 24, 2012 at 2:15 PM, J. Hellenthal w= rote: > > On Sun, Jun 24, 2012 at 01:26:21PM -0400, Robert Simmons wrote: > >> On Sun, Jun 24, 2012 at 12:59 PM, J. Hellenthal wrote: > >> > These are more then sufficient for any normal ssh use. > >> > >> I'm sorry if I sound rude, but I wanted to have a bit more of a > >> substantive discussion than quoting the man pages. =A0Especially since > >> what you are quoting dates back to a change to > >> src/crypto/openssh/ssh-keygen.1 dated the following: > >> Sun Sep 11 16:50:35 2005 UTC (6 years, 9 months ago) by des > >> > >> Being that the old "considered sufficient" of 1024 was added at the > >> following revision date: > >> Thu Feb 24 14:29:46 2000 UTC (12 years, 4 months ago) by markm > >> > > > > There is nothing stopping you from changing a key after the system has > > booted e.g. by using the rc script itself if you feel it is not > > sufficient. >=20 > Almost. If you use /etc/rc.d/ssh keygen all you will get is the > default sizes again. If you apply the patches I've suggested earlier, > this can be used to change the keys to your liking. As I said, my > patches don't change the default, they just add knobs to rc.conf that > allow /etc/rc.d/ssh keygen to work as someone would want it to work if > they want different key sizes. >=20 > > Given OpenBSD is usually always on the far safe side of things taking > > the security approach before simplicity I would extremely agree that it > > is more than sufficient. > > > > But then again what is good for the masses it not always good enough for > > the security paranoid and giving credit to such is what keeps everyone > > safe. > > > > ( /usr/local/etc/rc.d/openssh keygen ) # regenerate your keys > > > > Which should generate a new set of keys, keeping you safe for another X > > amount of years. > > > > =A0- or - > > > > ssh-keygen -f rsa -b [NNNN] -f /usr/local/etc/ssh/ssh_host_rsa_key >=20 > See above. I've included patches that simplify this. >=20 > > But the intitial key being the default? its sufficient to get you in and > > started on a remote system. > > > >> I would say that we are exactly due for a real discussion as to what > >> should be considered sufficient with regards to modern processors and > >> GPUs. > > > > Unfortunately I see that as a different thread "Hardware potential to > > duplicate existing host keys... RSA DSA ECDSA" >=20 > I see it as related directly to why or why not 2048 is sufficient. >=20 > Do you have an argument for the 2048 default based on something more > than OpenBSD does it? Sure With a key of length n bits, there are 2^n possible keys. This number grows very rapidly as n increases. Moore's law suggests that computing power doubles roughly every 18 to 24 months, but even this doubling effect leaves the larger symmetric key lengths currently considered acceptable well out of reach. The large number of operations (2^128) required to try all possible 128-bit keys is widely considered to be out of reach for conventional digital computing techniques for the foreseeable future. http://en.wikipedia.org/wiki/Key_size 2048 is well more than efficient. Speaking soley for RSA in that matter. It would be easier to steal the hostkey than it would be to crack it. --=20 - (2^(N-1)) --YiEDa0DAkWCtVeE4 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJP52HgAAoJEBSh2Dr1DU7W0KwH/RX+GrKXNoleCQaQSsW2wncW LX11uAu5i0eEKVGicUPaTKXMJu3t7lvQ4oEO05dzvrNOz93SzE8NhF7nKzfxtPZd fm3ElzJyKvxCarNKTJd2ORymELvWJIjbC5DEwCoEocN0tgXPdEZTzgn9QswniO82 euo4tS2xAZakcVgkGy8LBxiDm+ZZxIHKsJApWzvoaJ9uAQLWSdK/gBKxqzXyatJb Uh5NkOo11k9MQ9g4cf00EEPAjDP51EtPqiPB/HKZ1rMVfP0ilf33j138oUuHX7iI ZsXBmqYERep4O8kg4lT6yuqLRRZ6mJC0VziuLskCcpj+WBBjM6oj8xIE33q8do8= =vzMY -----END PGP SIGNATURE----- --YiEDa0DAkWCtVeE4--