[lug] RSAAuthentication (was: Possible compromise?)
Bear Giles
bgiles at coyotesong.com
Mon Jan 27 15:12:27 MST 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rob Nagler wrote:
| Bear Giles writes:
|
|>This is where RSAAuthentication comes in.
|
| Well, yes, but, ummm... We do DSA (better, I thought than RSA) for
| auth,
<cryptogeek>
RSA contains a keypair, DSA contains a set of DSA parameters and
your relatively small private value. The DSA parameters contain a
generator value and some other stuff...
Anyway, the key thing is that if you want to generate a temporary
key using RSA you have to generate a full RSA keypair. It can
take a long time, it may be predictable if you have a really bad
key generation routine, etc.
But with DSA you just generate a relatively small random (prime?)
number, then combine it with the existing DSA parameters. Presto,
an emphemeral key for little more than the cost of a standard key.
With emphemeral keys you can use "perfect forward secrecy." Even
if somebody has managed to sneak a packet sniffer onto your
network and has your private key, they can't decrypt the traffic
since the key they really need was only stored in ram. (Or cached
to a file if you're using persistent sessions, but once it's
closed or renegotiated...)
On the downside, DSA keys can't be used for encryption. You can
use it for a dynamic protocol like SSH because the permanent key
is used to sign the ephemeral key, and the ephemeral key is used
to sign the negotiations for the session key, but you can't use it
to encrypt data stored to disk.
</cryptogeek>
| We don't allow root logins via DSA, but instead login to a special
| account for each machine for backups and such. It's pretty well
| sandboxed, but could be better!
One little-known fact about SSH is that you can use
*SAAuthetication to restrict the uses for an account. See the
"options" section of the sshd man page for details. Special
accounts should specify at least the command list and "no-pty"
options - even if somebody breaks in, they can't get a shell or
run arbitrary commands.
Bear
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE+Na7Lmr0uXf8FxOURAsgsAJ4zacquBaF0AZqObDQ8wszZJ5WypACgmoWU
xNSxqDkcU3kQ/HTsxAMjkIA=
=3+Dl
-----END PGP SIGNATURE-----
More information about the LUG
mailing list