On Tue, May 13, 2008 at 06:18:23PM -0400, Joey Hess wrote:
> I have a question about the key blacklist feature in this new release.
> What if ssh-keygen is run, and happens to generate a blacklisted key.
> Will it abort or print a warning or something like that? Should it?
>
> If ssh-keygen generates such a key today, openssl is broken. But if it
> happens a couple of years from now, you're probably just astronomically
> unlucky and the fixed openssl happened to still generate a key in the
> small set of weak keys. And in that hypothetical, the user probably
> doesn't know anything about what happened historically (today) and could
> be very puzzled that their shiny new key doesn't work.
Copying from my conversation with you on IRC today:

<cjwatson> I did wonder about that
<cjwatson> eventually I sort of figured that it was logically equivalent to ssh-keygen happening to generate a key that somebody else on the Internet already has
<cjwatson> and decided that it wasn't immediately worth worrying about
<joeyh> yes
<joeyh> and yes
<cjwatson> but yeah, given that sshd honours the blacklist there's a decent argument that ssh-keygen might as well do so too
<joeyh> I'm more worried about 10 years from now, when we've forgotten all about this :-)

I think there's reasonable cause for a wishlist bug on openssh-client about this (so I don't forget).

FWIW, though, I do plan to drop the dependency on openssh-blacklist after a couple of years; eventually, it will stop being worth people's while to try to compromise this, and then it really will be nearly equivalent to happening to generate a key that somebody else owns. I'd rather not have to carry the several-megabyte blacklist blob around forever.

-- 
Colin Watson [EMAIL PROTECTED]
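As an added illustration of the check the thread says ssh-keygen might as well perform (this is example code, not from the thread or from the openssh or openssh-blacklist packages): parse a freshly generated OpenSSH public key line, derive the key type and size that select the per-type blacklist, and look the key up before handing it to the user. The list naming ("blacklist.RSA-2048") and the entry encoding (last 20 hex digits of the MD5 of the key blob) are assumptions modelled on openssh-blacklist, and the keys and list contents are constructed, not real weak keys.

```python
import base64
import hashlib
import struct

# Assumed layout, modelled on openssh-blacklist but not verified against it:
# one list per key type and size (e.g. "blacklist.RSA-2048"), each entry the
# last 20 hex digits of the MD5 fingerprint of the raw public key blob.
def _read_string(buf, off):
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n

def pubkey_blob(line):
    """Base64-decode the blob field of an OpenSSH public key line."""
    return base64.b64decode(line.split()[1])

def key_type_and_bits(blob):
    """Read type and size from the wire-format blob; the list name needs both."""
    kind, off = _read_string(blob, 0)
    if kind == b"ssh-rsa":
        _e, off = _read_string(blob, off)       # public exponent e
        n, _ = _read_string(blob, off)          # modulus n decides the size
        return "RSA", int.from_bytes(n, "big").bit_length()
    if kind == b"ssh-dss":
        p, _ = _read_string(blob, off)          # DSA prime p decides the size
        return "DSA", int.from_bytes(p, "big").bit_length()
    raise ValueError("unsupported key type %r" % kind)

def blacklist_id(blob):
    return hashlib.md5(blob).hexdigest()[-20:]  # assumed entry encoding

def is_blacklisted(line, blacklists):
    """blacklists: {'blacklist.TYPE-bits': set(ids)}; True means warn or refuse."""
    blob = pubkey_blob(line)
    ktype, bits = key_type_and_bits(blob)
    entries = blacklists.get("blacklist.%s-%d" % (ktype, bits), set())
    return blacklist_id(blob) in entries

# Helpers to build constructed (not real) RSA keys for the demonstration.
def _mpint(v):
    b = v.to_bytes(v.bit_length() // 8 + 1, "big")  # extra byte keeps sign bit clear
    return struct.pack(">I", len(b)) + b

def make_rsa_line(n, e=65537):
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(e) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-key"

def demo():
    weak = make_rsa_line((1 << 2047) | 12345)     # constructed "weak" key
    fresh = make_rsa_line((1 << 2047) | 67890)    # constructed unrelated key
    lists = {"blacklist.RSA-2048": {blacklist_id(pubkey_blob(weak))}}
    return is_blacklisted(weak, lists), is_blacklisted(fresh, lists)
```

Wiring this in after generation would turn the "astronomically unlucky" case the thread worries about into an immediate, explained warning rather than a key that silently fails against an sshd that honours the same list.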

