Re: [cryptography] can the German government read PGP and ssh traffic?

2012-05-28 Thread Thierry Moreau

Peter Gutmann wrote:

Werner Koch w...@gnupg.org writes:


Which is not a surprise given that many SSH users believe that ssh
automagically makes their root account safe and continue to use their lame
passwords instead of using PK based authentication.


That has its own problems with magical thinking: Provided you use PK auth,
you're magically secure, even if the private key is stored in plaintext on ten
different Internet-connected multiuser machines.  I don't know how many times
I've been asked to change my line-noise password for PK auth, told the person
requesting the change that this would make them less secure because I need to
spread my private key across any number of not-very-secure machines, and
they've said that's OK because as long as it uses PKCs it's magically secure.

Peter.



Please Peter, a little rigor in the arguments would help.

Since the SSH servers need *only*your*public*key*, the ten 
different Internet-connected multi-user machines are not those SSH 
servers the admin of which would have made the request to turn to client 
PK for SSH.


If you choose to roam into different (and as insecure as you wish to 
support your argument) machines, it's your decision as an SSH client user. With 
the low selling price of small single-user systems, you could also 
dedicate one as an SSH client console and make it a) intermittently 
connected to the Internet, b) single user for all practical purposes, c) 
little vulnerable to Trojan horses, d) having only the software you 
selected for the job, e) ...


Unless automated SSH sessions are needed (which is a different problem 
space), the SSH session is directly controlled by a user. Then, the 
private key is stored encrypted on long term storage (swap space 
vulnerability remaining, admittedly) and in 
*plaintext*form*only*momentarily* for SSH handshake computations 
following a decryption password entered by the user. If you have to fear 
keyboard grabbers, you fear them for line-noise passwords as well.


Maybe you want to argue that PK authentication is an HMI nightmare and 
comes with misleading security claims derived from an obscure theory of 
operation. Fine. But in the case of SSH authentication, the PK 
alternative allows security-minded remote system operators to enjoy a 
secure remote console.


I don't understand why you would choose to handle your encrypted SSH 
private key in a lousy way. But it seems inappropriate to assume that 
better ways are not feasible.


Regards,

--
- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1

Tel. +1-514-385-5691
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography


Re: [cryptography] can the German government read PGP and ssh traffic?

2012-05-28 Thread Peter Gutmann
Peter Maxwell pe...@allicient.co.uk writes:

Why on earth would you need to spread your private-key across any number of
less secure machines?

The technical details are long and tedious (a pile of machines that need to
talk via SSH because telnet and FTP were turned off/firewalled years ago, I
won't bore you with the details).  The important point isn't the technical
details but the magical thinking, a private key sprayed all over the place in
plaintext is more secure than a line-noise password because everyone knows
passwords are insecure and PKCs are secure (and, as I've said, this isn't an
isolated case).

Peter.


Re: [cryptography] can the German government read PGP and ssh traffic?

2012-05-28 Thread Steven Bellovin

On May 26, 2012, at 8:15:34 AM, Eugen Leitl wrote:

 On Fri, May 25, 2012 at 11:19:33AM -0700, Jon Callas wrote:
 
 My money would be on a combination of traffic analysis and targeted
 malware. We know that the Germans have been pioneering using targeted malware
 against Skype. Once you've done that, you can pick apart anything else. Just
 a simple matter of coding.
 
 Unrelated, IIRC Microsoft changed the architecture of supernodes to allow
 for lawful interception with Skype. It would be interesting to see inasmuch
 an open source version of Skype would want to evade that infrastructure,
 while asserting interoperability with legacy users.

I've seen news stories about Microsoft deploying its own supernodes, rather
than relying on the kindness of strangers.  I haven't seen any stories
about making lawful intercept possible -- do you have a source?


--Steve Bellovin, https://www.cs.columbia.edu/~smb



Re: [cryptography] can the German government read PGP and ssh traffic?

2012-05-28 Thread Peter Maxwell
On 29 May 2012 01:35, Peter Gutmann pgut...@cs.auckland.ac.nz wrote:

 Peter Maxwell pe...@allicient.co.uk writes:

 Why on earth would you need to spread your private-key across any number of
 less secure machines?

 The technical details are long and tedious (a pile of machines that need to
 talk via SSH because telnet and FTP were turned off/firewalled years ago, I
 won't bore you with the details).  The important point isn't the technical
 details but the magical thinking, a private key sprayed all over the place in
 plaintext is more secure than a line-noise password because everyone knows
 passwords are insecure and PKCs are secure (and, as I've said, this isn't an
 isolated case).



To make an analogy: people still manage to kill themselves in cars fitted
with seat-belts and airbags.  That does not imply those measures are not an
improvement but rather that the improvement is a statistical one.

Similarly, just because some numpty stores private keys in plaintext does
not imply that public key auth is not in general an improvement over
password auth.  Yes, it is not magical but if the users of such systems
cannot handle private keys with at least minimal care, there are bigger
problems afoot.

If multiple users need to use SSH on multiple hosts, they should store the
private key on removable media and use it from a limited number of hosts;
to hop from one host to another, create a port-forward on the first ssh
session from which the second ssh session can connect through to the
destination host, hence obviating the requirement for copying private keys
and ensuring the intermediate hosts cannot decrypt any traffic.

I have yet to encounter a problem in real life that requires private ssh
keys to be copied all over the shop and when it happens, it's bad
management, which no technical measure is going to sort.
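The hop Peter Maxwell describes, written out as an OpenSSH client configuration. This is an added example, not part of the original thread; the host names (gateway, internal), the user name and the key path are placeholders. The private key stays on the client console, the gateway only relays the second session's ciphertext, and the client verifies the destination's host key end to end.

```sshconfig
# ~/.ssh/config  (added example; all names below are placeholders)

# First hop: the only host that ever receives a direct connection from this
# console. The key is a passphrase-protected file on this machine (or on
# removable media mounted here); it is never copied to the gateway.
Host gateway
    HostName gateway.example.com
    User alice
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes          # offer only this key, not everything in the agent
    ForwardAgent no             # the gateway must not be able to use our key

# Second hop: the destination is reached through a TCP forward inside the
# first session, so no key material is needed on the gateway at all.
Host internal
    HostName internal.example.net
    User alice
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ForwardAgent no
    ProxyJump gateway
    # Same thing on OpenSSH releases older than 7.3 (no ProxyJump):
    # ProxyCommand ssh -W %h:%p gateway

# The explicit port-forward form from the post, if you prefer two commands:
#   ssh -L 2222:internal.example.net:22 gateway
#   ssh -o HostKeyAlias=internal.example.net -p 2222 localhost
# HostKeyAlias keeps the known_hosts entry tied to the real destination
# rather than to "localhost:2222", so a swapped host key is still detected.
```

With this in place `ssh internal` authenticates to the destination with a key the gateway has never seen; the gateway observes only an encrypted SSH stream passing through it.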