Re: patch to send incoming key to AuthorizedKeysCommand via stdin

On Fri, Mar 21, 2014 at 12:15 PM, Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx>
wrote:
> those limits suggest that the size is 128kiB on anything resembling a
> modern Linux system.

How about other platforms?

> ssh-keygen doesn't generate anything greater than 16384 bits (16Kib, or
> 2KiB), and very few people use anything even close to that size.  Using
> base64 encoding inflates the size to 4/3, so we're talking about < 3KiB
> for the full base64-encoded, largest possible public key.
>
> More modern keys (EdDSA or ECDSA) are much much smaller.
>
> I'm glad you're thinking about size limits for env and argv, but I don't
> think this is even close to the size limits of realistic systems.

Even though ssh-keygen doesn't produce anything larger than 16384 bits,
wouldn't it be possible for somebody to craft a key that is larger to
attempt a buffer overflow?
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



