SSH DSA logins on crank.
holger at layer-acht.org
Tue May 20 08:30:10 EDT 2008
On Tuesday 20 May 2008 14:13, Carl-Daniel Hailfinger wrote:
> > Not by copying to, but by using with, yes, unfortunately.
> Sorry, "using with" is very imprecise language and leads many people to
> the wrong conclusion.
If you think that "using" was confusing here, you should probably also remove
the confusion by suggesting a better word. I still think "using" is correct
> > Read http://blog.sesse.net/blog/tech/2008-05-14-17-21_some_maths.html -
> > in short, if the randomness is not really random, DSA can be attacked
> > rather easily. That's why debian.org and freedesktop.org don't allow DSA
> > keys at all anymore.
> Everybody points to the blog entry, but nobody seems to read it. The
> entry states that if you used the private DSA key on a Debian/Ubuntu
> machine for login to another machine, it might be compromised.
You haven't understood the entry.
Let me quote the relevant bit:
"For instance, Applied Cryptography (Schneier) says (thanks to Peter Palfrader
for digging up the quote): Each signature requires a new value of k, and that
value must be chosen randomly. If Eve ever recovers a k that Alice used to
sign a message, perhaps by exploiting some properties of the random number
generator that generated k, she can recover Alice's private key, x. If Eve
ever gets two messages signed using the same k, even if she doesn't know what
it is, she can recover x. And with x, Eve can generate undetectable forgeries
of Alice's signature. In any implementation of the DSA a good random-number
generator is essential to the system's security."
> Short version: The
> combination of bad random numbers and a private DSA key on the same
> machine is harmful.
Wrong, also the combination of bad random numbers and a public DSA key has
to be considered harmful. If someone sniffed your traffic (which you have to
consider), you have to consider your DSA keys to be compromised.
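
The relations in the quoted Schneier passage, worked through with toy numbers as an added example (not part of the original message or of the linked blog entry). The parameters, key, nonce and digest integers are all constructed and far too small for real use; `reused_nonces` is the check a defender can run over collected signatures, since a repeated r means a repeated k.

```python
# Toy DSA parameters (constructed): Q divides P - 1, G has order Q mod P.
P, Q, G = 607, 101, 64

def inv(a):
    return pow(a % Q, -1, Q)  # modular inverse mod Q (Python 3.8+)

def sign(x, h, k):
    """DSA signature (r, s) on digest h with private key x and nonce k."""
    r = pow(G, k, P) % Q
    s = inv(k) * (h + x * r) % Q
    return r, s

def verify(y, h, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = inv(s)
    v = pow(G, h * w % Q, P) * pow(y, r * w % Q, P) % P % Q
    return v == r

def x_from_known_k(h, sig, k):
    """s = k^-1 (h + x r)  =>  x = (s k - h) r^-1  (mod Q)."""
    r, s = sig
    return (s * k - h) * inv(r) % Q

def x_from_reused_k(h1, sig1, h2, sig2):
    """Equal r means equal k, so k = (h1 - h2) (s1 - s2)^-1 (mod Q)."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or s1 == s2:
        raise ValueError("signatures do not share a usable nonce")
    k = (h1 - h2) * inv(s1 - s2) % Q
    return x_from_known_k(h1, sig1, k)

def reused_nonces(sigs):
    """Defender's check: r values that appear in more than one signature."""
    seen, dup = set(), set()
    for r, _ in sigs:
        if r in seen:
            dup.add(r)
        seen.add(r)
    return dup

# Constructed sample: private key X, one nonce K used for two digests.
X, K, H1, H2 = 57, 23, 40, 77
Y = pow(G, X, P)  # public key
SIG1, SIG2 = sign(X, H1, K), sign(X, H2, K)
```

Only the public values (digests and signatures) go into `x_from_reused_k`, which is why signatures observed on the wire are enough once the nonce source is weak.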