| |||||||||||||
Cryptographic weakness on Debian systemsCryptographic weakness on Debian systemsPosted May 13, 2008 18:07 UTC (Tue) by jwb (guest, #15467)In reply to: Cryptographic weakness on Debian systems by emk Parent article: Cryptographic weakness on Debian systems
hosts.allow would be better, and stays constant across reboots.
(Log in to post comments)
Cryptographic weakness on Debian systems Posted May 13, 2008 20:14 UTC (Tue) by emk (guest, #1128) [Link] Fair enough. :-) I just needed a short-term fix while reading the advisories, and thought I'd share it. I'm relatively impressed by the Ubuntu patch, with its built-in blacklist and support for regenerating host keys. (Time will tell if this code actually works.) The Debian patch? Not so much. I'm still waiting to see how long it takes for anything other than a placeholder to appear here: http://www.debian.org/security/key-rollover/
Cryptographic weakness on Debian systems Posted May 13, 2008 22:10 UTC (Tue) by maxb (guest, #52055) [Link] The SSH package update in Ubuntu is taken straight from Debian. However, whilst Ubuntu have published it as a security update, Debian have not (yet?). The package is currently in incoming.
Cryptographic weakness on Debian systems Posted May 14, 2008 0:29 UTC (Wed) by cjwatson (subscriber, #7322) [Link] It would be more accurate to say that the SSH patch was contributed to Debian by Ubuntu, and due to advisory timing issues happened to be released to Ubuntu first. (Canonical sponsored my work on said patch, and had no problem with me doing some rapid hat-switching and using that work for Debian openssh as well, since I'm also its primary maintainer.)
Cryptographic weakness on Debian systems Posted May 14, 2008 1:23 UTC (Wed) by emk (guest, #1128) [Link] Well, many thanks for such a useful patch! I'm glad to hear it will soon be available for Debian as well.
Cryptographic weakness on Debian systems Posted May 14, 2008 10:54 UTC (Wed) by mbizon (subscriber, #37138) [Link] I have quite a lot of keys for which ssh-vulnkey has no blacklist information. Mainly 1024 bits RSA, and 4096 bits of both kind. The README.compromised-keys does not give any hint about how these blacklist files where generated. Do you plan to release the tool to help generate them for any keysize, or to have more pre-generated files included in openssh-blacklist ?
Cryptographic weakness on Debian systems Posted May 14, 2008 11:15 UTC (Wed) by cjwatson (subscriber, #7322) [Link] At present I don't think it's wise to release what essentially amounts to exploit code. For keys that aren't in the blacklist about which you aren't sure, I recommend looking at the timestamp information (RSA keys generated before 17 Sep 2006, when the bug was introduced, aren't vulnerable), but otherwise regenerate the key in case of doubt.
Cryptographic weakness on Debian systems Posted May 15, 2008 10:53 UTC (Thu) by endecotp (guest, #36428) [Link] The complete set of vulnerable keys has now been published.
Cryptographic weakness on Debian systems Posted May 17, 2008 7:50 UTC (Sat) by markshuttle (subscriber, #22379) [Link] I doubt that. The complete set would include all possible key sizes, For DSA that's fixed at 1024 bits, for RSA it's open-ended, though anybody with more than 4096 bits is being very conservative ;-). We had a 16k-bit key at Thawte, but it blew up most crypto libraries and toolkits at the time, so we didn't use it much.
|
|||||||||||||