https://bugzilla.mindrot.org/show_bug.cgi?id=3960
Bug ID: 3960
Summary: Additional Format Blindness for EC
Product: Portable OpenSSH
Version: 10.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee: [email protected]
Reporter: [email protected]
Problem:
Current SSH Key passwords are easily brute force able since every
result can be validated locally. This not only endangers the private
key but also the password. For RSA this was no topic due to prime
characteristics which allow to validate key locally. For EC each wrong
password could result in a valid looking seed why security could be
drastically improved by design.
Proposal:
Introduce a new key option with following behavior:
- Generated Key format is an always valid byte array.
- Public key never is stored alongside private key but always
regenerated.
- Explicit key selection at authentication required when such keys are
available.
- As with password login itself an attempt is always validated against
the server.
Consequences:
- GPU brute force is impossible since all solutions are valid.
- Server security hits (limits, throttle, ban).
- Yes it is inconvenient, but old format could still be used.
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
