IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: How to handle incorrectly-encoded public keys



Mouse <mouse%Rodents-Montreal.ORG@localhost> writes:

>Your adding (!!!) looks as though you're calling out the value of e as the
>error.  I don't see that as erroneous; it is somewhat foolhardy in view of
>the low encryption exponent attack, but not incorrect.

That's not the error, it's just an additional issue.  It's also a crypto/code
smell indicating they're using some homebrew/nonstandard implementation, which
means who knows what other problems are lurking in there.

>I would expect my implementation would reject the key because it none of the
>key format modules accept it

That's what my code currently does too, but presumably someone is accepting
the incorrect format (and not noticing that key fingerprints don't match)
because something must be connecting to it, but even the do-everything PuTTY
doesn't seem to have any knowledge of this so maybe it's obscure enough that
nothing has noticed it before.

>Did you see this as a host key, or as a key offered for publickey
>authentication, or what?

It's the host key.  The implementation, in case others want to test for it, is
VxWorks IPSSH, so the ID string to check is "IPSSH-6".

Oh yes, this implementation also has the old-GEX bug for people maintaining
bug-workaround lists.

Peter.




Home | Main Index | Thread Index | Old Index