Re: Crypto and UI issues
David Mercer wrote:
> And my apologies to Ben Laurie and friends, but why after all these years is the UI interaction in ssh almost exactly the same when accepting a key for the first time as overriding using a different one when it changed on the other end, whether from mitm or just a key/IP/hostname change?

Untrue, something which a moment's checking would have revealed. A brand new key requires user acceptance:

    The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
    RSA key fingerprint is f2:42:df:b2:6e:1b:8a:ac:96:27:6d:8c:b9:e6:93:a1.
    No matching host key fingerprint found in DNS.
    Are you sure you want to continue connecting (yes/no)? no
    Host key verification failed.

A changed host key (a much more risky situation) forces the user to manually remove the old key, hopefully forcing them to think about the consequences:

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that the RSA host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    f2:42:df:b2:6e:1b:8a:ac:96:27:6d:8c:b9:e6:93:a1.
    Please contact your system administrator.
    Add correct host key in /home/djm/.ssh/known_hosts to get rid of this message.
    Offending key in /home/djm/.ssh/known_hosts:209
    RSA host key for 127.0.0.1 has changed and you have requested strict checking.
    Host key verification failed.

-d

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
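
The distinction drawn in the message above (unknown host versus changed key), as an added example that is not part of the original post and is not OpenSSH's code. It is a simplified model of a known_hosts lookup: wildcards, negation and `@` marker lines are not handled, a different key type counts as unknown, and the key blobs, salt and host names are constructed placeholders.

```python
import base64, hashlib, hmac

def md5_fingerprint(key_b64):
    """Colon-separated MD5 fingerprint of the key blob (the format in the transcript)."""
    digest = hashlib.md5(base64.b64decode(key_b64), usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def host_matches(field, host):
    """Match a host field: comma-separated names, or a hashed |1|salt|hash entry."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return host in field.split(",")

def check_host_key(known_hosts_text, host, key_type, key_b64):
    """Return (status, line): status is "match", "new" or "changed"."""
    offending = None
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or line.lstrip().startswith(("#", "@")):
            continue  # blank lines, comments, marker lines (skipped in this model)
        hosts, ktype, blob = fields[:3]
        if ktype != key_type or not host_matches(hosts, host):
            continue
        if blob == key_b64:
            return "match", lineno
        offending = offending or lineno  # remember the first conflicting entry
    return ("changed", offending) if offending else ("new", None)

# Constructed sample data: placeholder blobs, not real SSH keys.
KEY_OLD = base64.b64encode(b"constructed key blob, old").decode()
KEY_NEW = base64.b64encode(b"constructed key blob, new").decode()
SALT = b"constructed-salt"
HASHED = "|1|%s|%s" % (base64.b64encode(SALT).decode(), base64.b64encode(
    hmac.new(SALT, b"192.0.2.20", hashlib.sha1).digest()).decode())
SAMPLE = ("# constructed known_hosts\n"
          f"ssh.example.org,192.0.2.10 ssh-rsa {KEY_OLD}\n"
          f"{HASHED} ssh-rsa {KEY_OLD}\n")

if __name__ == "__main__":
    for host, key in [("ssh.example.org", KEY_OLD), ("ssh.example.org", KEY_NEW),
                      ("192.0.2.20", KEY_NEW), ("new.example.org", KEY_NEW)]:
        status, line = check_host_key(SAMPLE, host, "ssh-rsa", key)
        # "new" is where the client prompts; "changed" is where it refuses outright.
        print(host, status, line, md5_fingerprint(key))
```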
Re: crypto for the average programmer
On Fri, Dec 16, 2005 at 05:41:48PM +, Ben Laurie wrote:
> No, OpenSSL is self-contained. There is, IIRC, an engine that uses GMP if you want, but it's entirely optional; OpenSSL has its own bignum implementation that's just as good.

Last I checked, public key operations in OpenSSL were significantly faster using the GNU MP engine - so "just as good" is perhaps not entirely accurate. OpenSSL's BN library is still very fast compared to many other MPI implementations, of course.

-Jack
Re: Crypto and UI issues
James A. Donald wrote:
> --
> From: Ben Laurie [EMAIL PROTECTED]
>> if the key changes in OpenSSH you can't connect until you take positive action by deleting the old key from the known_hosts file. This is totally different to accepting a new key. I will agree that something better than just showing you the key would be cool. Like maybe it could be signed by something so you can verify it that way. Oh, wait. That's PKI, and we all know PKI is broken.
>
> But in what it is it broken?

I was being sarcastic. I don't believe PKI is inherently broken, unlike some. It does have limited uses, though.

> Let us imagine that SSH had certified keys. Well, certifying a key is bound to be complicated, and things are bound to go wrong, and the name that you bind it to is bound to be somewhat shifty.

I don't see why that would happen all that much, and if it did then just certify with multiple hostnames.

> You might bind the key to ben.com, but then your host is ssh.ben.com. So pretty soon users are frequently seeing error dialogs - and so, pretty soon, are always clicking through them.

Don't really buy this for what is, mostly, a protocol used by experts.

> What is a true name is a deep and difficult question, and one that people have little patience for when trying to log in. We are overloaded with names, with the result that true names are of limited value in ascertaining true relationships.

True names of hosts is not a deep problem. Indeed, it is even possible to discover rigorously (if painfully in extreme cases).

Cheers,

Ben.