Hi,

On Wed, May 21, 2008 at 05:42:43AM -0400, Simon Valiquette wrote:
> Kees Cook once wrote:
>> On Wed, May 21, 2008 at 07:07:34AM +0200, Vincent Bernat wrote:
>>
>> I could be mistaken, but prior to openssl breaking, ssh-keygen stopped
>> allowing dsa 2048 keys, which means there wasn't a way to generate bad
>> ones:
>
> It didn't before. At least not directly from ssh-keygen.
>
> It is so because it won't be standard compliant (the standard specifies
> that DSA must be 1024 bits). I don't know if OpenSSH will accept longer
> key lengths (some implementations will certainly refuse it).
>
> Personally, in situations when I really care, I like to simply disable
> DSA from sshd_config and remove the shorter key from /etc/ssh/
Sure, I think that's the best overall solution. :)

>> $ ssh-keygen -t dsa -b 2048
>> DSA keys must be 1024 bits
>
> I think it is possible to generate them with openssl.
>
> It is normally used to generate X.509 certificates, but I think you can
> also get it to generate keys in the proper format for SSH. In any case,
> it can generate 2048 DSA keys or even longer ones if needed.

Right, of course. However, due to their different paths to generate keys,
ssh-keygen and openssl generate different keys for the same pid, type,
size, arch. So, for the case of openssh-blacklist, there's no such thing
as a "bad" DSA-2048 ssh key. (Certainly there are bad openssl DSA-2048
keys, but they are different.)

-Kees

-- 
Kees Cook                                            @outflux.net
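As an added example, not code from this thread, from OpenSSH or from the openssh-blacklist package, here is a small standard-library Python tool for the two things the exchange above turns on: reading the size of the DSA group out of an OpenSSH "ssh-dss" public key line (the quantity ssh-keygen pins to 1024 bits when it prints "DSA keys must be 1024 bits"), and deriving the MD5 fingerprint that ssh-vulnkey style blacklist lookups are keyed on, so that a key produced by openssl and converted to SSH format can be checked the same way as one from ssh-keygen. The sample keys and the one-entry blacklist are constructed inside the block from placeholder integers; they have the right wire framing but are not real DSA parameters. The rule that a blacklist entry is the MD5 fingerprint with its first 12 hex digits dropped is my recollection of the openssh-blacklist file format and is marked as an assumption in the code.

```python
"""Inspect OpenSSH 'ssh-dss' public key lines (RFC 4253 wire format).

Reports the bit length of p, which is what ssh-keygen's "DSA keys must be
1024 bits" rule checks, and the MD5 fingerprint from which openssh-blacklist
lookup keys are derived.  Standard library only.  The sample keys below are
constructed blobs with placeholder integers, not real DSA parameters.
"""
import base64
import hashlib
import struct

KEY_TYPE = b"ssh-dss"


def put_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def put_mpint(n: int) -> bytes:
    """RFC 4251 'mpint' for a non-negative integer: big-endian two's
    complement, minimal length, with a 0x00 pad byte when the top bit is set
    (e.g. 0x80 encodes as 00 00 00 02 00 80)."""
    if n < 0:
        raise ValueError("DSA public values are never negative")
    if n == 0:
        return put_string(b"")
    return put_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def get_string(buf: bytes, off: int):
    """Read one 'string' at offset off; return (bytes, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated ssh string")
    return buf[off:off + n], off + n


def get_mpint(buf: bytes, off: int):
    """Read one 'mpint'; public DSA values must be non-negative."""
    raw, off = get_string(buf, off)
    if raw and raw[0] & 0x80:
        raise ValueError("negative mpint in a public key")
    return int.from_bytes(raw, "big"), off


def build_ssh_dss_line(p: int, q: int, g: int, y: int, comment: str) -> str:
    """Assemble an authorized_keys-style line: type, base64 blob, comment."""
    blob = put_string(KEY_TYPE) + b"".join(put_mpint(v) for v in (p, q, g, y))
    return "ssh-dss %s %s" % (base64.b64encode(blob).decode("ascii"), comment)


def parse_ssh_dss_line(line: str) -> dict:
    """Decode the blob, check its framing, report size and fingerprint."""
    fields = line.split(None, 2)
    if len(fields) < 2 or fields[0] != "ssh-dss":
        raise ValueError("not an ssh-dss public key line")
    blob = base64.b64decode(fields[1], validate=True)
    kind, off = get_string(blob, 0)
    if kind != KEY_TYPE:
        raise ValueError("blob type %r disagrees with the key type field" % kind)
    p, off = get_mpint(blob, off)
    q, off = get_mpint(blob, off)
    g, off = get_mpint(blob, off)
    y, off = get_mpint(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after the DSA public key")
    md5 = hashlib.md5(blob).hexdigest()
    return {
        "bits": p.bit_length(),           # the size ssh-keygen pins to 1024
        "q_bits": q.bit_length(),
        "md5_fingerprint": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        # Assumption: openssh-blacklist files list the MD5 fingerprint with
        # its first 12 hex digits dropped (20 hex digits per line).
        "blacklist_key": md5[12:],
    }


def in_blacklist(line: str, blacklist: set) -> bool:
    """Look a key up the way ssh-vulnkey does: by its blacklist fingerprint."""
    return parse_ssh_dss_line(line)["blacklist_key"] in blacklist


# Constructed sample keys: valid ssh-dss framing, placeholder integers.
SAMPLE_DSA_1024 = build_ssh_dss_line((1 << 1023) | 0x12345, (1 << 159) | 1, 2,
                                     (1 << 1000) | 5, "constructed-1024")
SAMPLE_DSA_2048 = build_ssh_dss_line((1 << 2047) | 0xABCDEF, (1 << 159) | 1, 2,
                                     (1 << 2000) | 5, "constructed-2048")
# Constructed blacklist holding only the 1024-bit sample, standing in for a
# blacklist.DSA-1024 file (the package ships no DSA-2048 list at all).
CONSTRUCTED_BLACKLIST = {parse_ssh_dss_line(SAMPLE_DSA_1024)["blacklist_key"]}

if __name__ == "__main__":
    for sample in (SAMPLE_DSA_1024, SAMPLE_DSA_2048):
        info = parse_ssh_dss_line(sample)
        print("%d-bit DSA  %s  blacklisted=%s" % (
            info["bits"], info["md5_fingerprint"],
            in_blacklist(sample, CONSTRUCTED_BLACKLIST)))
```

Feed it a real line from ~/.ssh/id_dsa.pub or authorized_keys and it reports the group size regardless of which tool produced the key; that is the point of parsing the blob rather than trusting the generator. The blacklist lookup illustrates the last paragraph above: a DSA-2048 key is only "bad" if someone enumerated its fingerprint into a list, and the shipped lists cover the sizes ssh-keygen would actually emit.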

