[147952] in cryptography@c2.net mail archive
Re: [Cryptography] What's a Plausible Attack On Random Number
daemon@ATHENA.MIT.EDU (Nico Williams)
Fri Nov 1 19:22:59 2013
X-Original-To: cryptography@metzdowd.com
Date: Fri, 1 Nov 2013 18:08:29 -0500
From: Nico Williams <nico@cryptonector.com>
To: John Denker <jsd@av8n.com>
In-Reply-To: <527412D2.7050707@av8n.com>
Cc: Jerry Leichter <leichter@lrw.com>, Yaron Sheffer <yaronf.ietf@gmail.com>,
"cryptography@metzdowd.com List" <cryptography@metzdowd.com>,
John Gilmore <gnu@toad.com>, David Mercer <radix42@gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Fri, Nov 01, 2013 at 01:45:06PM -0700, John Denker wrote:
> On 11/01/2013 04:04 AM, Yaron Sheffer wrote:
> > Looks very much like an "implement it, standardize it and forget it"
> > kind of thing to me.
>
> Alas, that leaves important parts of the problem unsolved. We
> cannot "forget it" until we solve the whole problem.
>
> For example: SSH has to cut host keys when it is first used
> (if not before). This requires a lot of high-quality randomly-

An ssh-scan is still a first use from the point of view of the service.
And from the point of view of the user doing the scan.

> distributed bits. There are a gazillion scenarios where this
> has to happen /before/ the first DHCP happens. For example,
> I might need to "ssh root@localhost" in order to configure DHCP.

Hmmmm, well, ssh to localhost should be special. If you're connecting
to / accepting on 127.0.0.1:22 or ::1:22 then the client a) shouldn't
care what the host key is, b) if the server doesn't yet have a key then
it could generate one for just this use and not any others.

(And, for ssh w/ GSS, ssh to localhost should replace "localhost" with
the host's hostname.)

It's a bug that ssh to localhost:22 is not special.

Nico
--
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
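As an added example (not part of the message above, and not OpenSSH project code), the client half of the behaviour Nico describes, point (a), can be expressed in an OpenSSH client configuration. It relies on the real ssh_config option NoHostAuthenticationForLocalhost, which skips host-key verification only when the address the connection actually reaches is a loopback address; the Host stanza and the known_hosts line are the editor's choices, not something the message specifies.

```sshconfig
# ~/.ssh/config -- added example, not from the original message.
# Scope the relaxation to the loopback names and addresses only; every
# other host keeps normal known_hosts verification.
Host localhost 127.0.0.1 ::1
    # OpenSSH option: do not authenticate the server's host key, but only
    # when the connection target really is a loopback address. A name
    # that is merely called "localhost" but resolves elsewhere is still
    # verified, so this does not weaken checks for remote hosts.
    NoHostAuthenticationForLocalhost yes
    # Editor's assumption (belt and braces): keep any first-use key seen
    # over loopback out of the persistent known_hosts file, so a host key
    # regenerated later does not trip a "host identification has changed"
    # warning for loopback connections.
    UserKnownHostsFile /dev/null
```

This covers only the client side. Point (b), a server that has no host key yet generating one just for the loopback connection, is not something this configuration provides; sshd still needs a host key before it will accept any connection, loopback included.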