Key fingerprints (not the DNS kind)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



When you connect to a server for the first time, a fingerprint of
the server's public key is presented.  The idea is that if you
already know the fingerprint and it's a match, you can be confident
that you are talking to the server and not a man-in-the-middle.

People use this, e.g.:
http://www.openbsd.org/anoncvs.html

The typical fingerprint is just an MD5 hash over the public key.
Given how broken MD5 is, you have to wonder if a MitM can create a
new key with the same fingerprint.  I'm in particular concerned
about RSA keys, which are long and provide material to work with.
In fact, isn't this Lenstra/Wang/Weger's "Colliding X.509 Certificates"
attack from 2005?

Am I missing something?

There are three types of fingerprints that are shown to the user:

(1) MD5 in hex:

    2048 58:32:84:2f:e6:06:be:99:7e:1f:4e:49:c9:ac:04:e5 id_rsa.pub (RSA)

(2) MD5 as random art:

    +---[RSA 2048]----+
    |    ...          |
    |   o..           |
    |  . E.o .        |
    |  ..oo.*         |
    | . +..* S        |
    |  ..oo .         |
    |   =. +          |
    |  + .o .         |
    | ... .o          |
    +-----------------+
 
(3) SHA-1 as Bubble Babble:

    2048 xufok-vegum-ralym-tudob-zybyp-donyf-nifor-bocuc-behah-vilis-vexyx id_rsa.pub (RSA)

Bubble Babble fingerprints are only displayed by ssh-keygen -B,
which is of limited usefulness.  It looks like the sort of arcane
feature that could just be removed.

The other fingerprint formats should switch from MD5 to SHA-256 as
the underlying hash.  The devil is in the details.  How to display
a SHA-256 hash compactly?  Base64?  Truncate (eww, can o' worms)?
And how to manage the changeover from old to new fingerprints?

-- 
Christian "naddy" Weisgerber                          naddy@xxxxxxxxxxxx
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux