SSH DSA logins on crank.

Holger Levsen holger at layer-acht.org
Tue May 20 08:30:10 EDT 2008


Hi,

On Tuesday 20 May 2008 14:13, Carl-Daniel Hailfinger wrote:
> > Not by copying to, but by using with, yes, unfortunately.
> Sorry, "using with" is very imprecise language and leads many people to
> the wrong conclusion.

If you think that "using" was confusing here, you should probably also remove 
the confusion by suggesting a better word. I still think "using" is correct 
here.

> > Read http://blog.sesse.net/blog/tech/2008-05-14-17-21_some_maths.html -
> > in short, if the randomness is not really random, DSA can be attacked
> > rather easily. That's why debian.org and freedesktop.org don't allow DSA
> > keys at all anymore.
> Everybody points to the blog entry, but nobody seems to read it. The
> entry states that if you used the private DSA key on a Debian/Ubuntu
> machine for login to another machine, it might be compromised. 

You haven't understood the entry.

Let me quote the relevant bit:

"For instance, Applied Cryptography (Schneier) says (thanks to Peter Palfrader 
for digging up the quote): Each signature requires a new value of k, and that 
value must be chosen randomly. If Eve ever recovers a k that Alice used to 
sign a message, perhaps by exploiting some properties of the random number 
generator that generated k, she can recover Alice's private key, x. If Eve 
ever gets two messages signed using the same k, even if she doesn't know what 
it is, she can recover x. And with x, Eve can generate undetectable forgeries 
of Alice's signature. In any implementation of the DSA a good random-number 
generator is essential to the system's security."

> Short version: The
> combination of bad random numbers and a private DSA key on the same
> machine is harmful.

Wrong, also the combination of bad random numbers and a public DSA key has 
to be considered harmful. If someone sniffed your traffic (which you have to 
consider), you have to consider your DSA keys to be compromised.


regards,
	Holger
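
The repeated-k case from the Schneier quote above, worked through as an added example that is not part of the original message. The group parameters, key, nonce and message hashes are tiny constructed values and the function names are hypothetical; the audit check and the algebra use only message hashes and signatures, never anything from the signer's machine.

```python
# Toy DSA over a tiny group, for illustration only (all values constructed).
P, Q, G = 607, 101, 64   # Q divides P-1; G = 2**((P-1)//Q) % P has order Q
X = 57                   # signer's private key x
Y = pow(G, X, P)         # signer's public key y

def sign(h, x, k):
    """DSA signature (r, s) on message hash h with private key x, nonce k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (h + x * r) % Q
    return r, s

def verify(h, sig, y):
    """Standard DSA verification against public key y."""
    r, s = sig
    w = pow(s, -1, Q)
    return pow(G, h * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def reused_nonce_pairs(signed):
    """Audit check: two signatures with the same r were made with the same k."""
    seen, pairs = {}, []
    for h, (r, s) in signed:
        if r in seen and seen[r][0] != h:
            pairs.append((seen[r], (h, s), r))
        seen.setdefault(r, (h, s))
    return pairs

def recover(first, second, r):
    """Why such a pair means the key is disclosed: solve for k, then x."""
    (h1, s1), (h2, s2) = first, second
    # s1 - s2 = k^-1 * (h1 - h2)  =>  k = (h1 - h2) / (s1 - s2)  (mod Q)
    k = (h1 - h2) * pow((s1 - s2) % Q, -1, Q) % Q
    # s1 = k^-1 * (h1 + x*r)      =>  x = (s1*k - h1) / r        (mod Q)
    x = (s1 * k - h1) * pow(r, -1, Q) % Q
    return k, x

def demo():
    k = 29  # the same nonce used for two different messages
    observed = [(37, sign(37, X, k)), (82, sign(82, X, k))]
    assert all(verify(h, sig, Y) for h, sig in observed)
    first, second, r = reused_nonce_pairs(observed)[0]
    k_found, x_found = recover(first, second, r)
    return k_found, x_found, pow(G, x_found, P) == Y
```
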