posted by martyb on Monday August 06 2018, @06:23AM
from the send-money? dept.

The Latacora firm has a blog post asserting that OpenSSH-portable has poor defaults for encrypting private RSA keys because of its reliance on OpenSSL. The blog goes into why this is a problem and how you can test it for yourself.

There is nothing wrong with the generated RSA keys themselves; the problem is only with how the private RSA keys are encrypted when they are created using the current defaults. There are two ways of encrypting RSA keys: an old and apparently insecure way, and a new key format that is available but not the default. Newer key types like Ed25519 use only the new key format and are not affected by this problem.
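To see which of the two formats a given private key file uses, the container headers are enough. The following is an added example, not code from the Latacora post or from OpenSSH; the function names and both sample keys are constructed for illustration, and the samples are header-only dummies rather than usable keys.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"          # start of the new-format blob
LEGACY_LABELS = {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"}

def _read_string(buf, off):
    """Read one SSH 'string' (uint32 big-endian length + bytes)."""
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def classify_private_key(text):
    """Report container format, cipher and KDF of a private key file's text."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if len(lines) < 2 or not (lines[0].startswith("-----BEGIN ") and lines[0].endswith("-----")):
        return {"format": "unknown"}
    label = lines[0][len("-----BEGIN "):-len("-----")]
    if label == "OPENSSH PRIVATE KEY":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("missing openssh-key-v1 magic")
        cipher, off = _read_string(blob, len(MAGIC))
        kdf, _ = _read_string(blob, off)
        return {"format": "new", "cipher": cipher.decode(), "kdf": kdf.decode(),
                "encrypted": cipher != b"none"}
    if label in LEGACY_LABELS:
        hdr = dict(ln.split(": ", 1) for ln in lines[1:-1] if ": " in ln)
        enc = hdr.get("Proc-Type") == "4,ENCRYPTED"
        cipher = hdr.get("DEK-Info", "none").split(",")[0]
        # Legacy PEM encryption derives the key with one MD5 pass over passphrase + salt.
        return {"format": "legacy-pem", "cipher": cipher,
                "kdf": "md5-single-pass" if enc else "none", "encrypted": enc}
    return {"format": "unknown"}

def sample_new_format(cipher=b"aes256-ctr", kdf=b"bcrypt"):
    """Constructed header-only sample, not a usable key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    body = base64.b64encode(MAGIC + s(cipher) + s(kdf) + s(b"")).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

SAMPLE_LEGACY = (  # constructed sample: real header layout, dummy IV and body
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
    "QUJDREVGR0g=\n-----END RSA PRIVATE KEY-----\n")
```

A key reported as `legacy-pem` can be rewritten in the new format with `ssh-keygen -p -o -f <keyfile>`.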

Earlier on SN:
WikiLeaks Unveils CIA Implants That Steal SSH Credentials From Windows, Linux PCs (2017)
Upgrade Your SSH Keys (2016)
OpenSSH 6.8 Will Feature Key Discovery and Rotation for Easier Switching to DJB's Ed25519 (2015)


  • (Score: 2) by driverless on Monday August 06 2018, @09:15AM (3 children)


    You also have to wonder about the title:

    The default OpenSSH key encryption is worse than plaintext

    Since "plaintext" means no protection at all, what's "worse than plaintext"? Does OpenSSH proactively mail your key to the CIA, FSB, DDSI, Unit 8200, MSS, SEBIN, and Special Unit 731?

  • (Score: 2) by coolgopher on Monday August 06 2018, @10:57AM


    They cover that in TFA. Essentially, due to ease of cracking and the likelihood of password reuse, it's worse because someone could get access to far more than ssh.

  • (Score: 2) by RS3 on Monday August 06 2018, @01:26PM (1 child)


    It's also worse in the sense that you believe you're secure, so you're sending stuff you think is protected. If you know you're in plaintext mode, hopefully you're not going to pass an admin password, but you're more likely to if you think you have the most awesome encryption short of quantum computing.

    • (Score: 0) by Anonymous Coward on Tuesday August 07 2018, @07:17PM


      "It's also worse in the sense that you believe you're secure, so you're sending stuff you think is protected. If you know you're in plaintext mode, hopefully you're not going to pass an admin password, but you're more likely to if you think you have the most awesome encryption short of quantum computing."

      Not really relevant for the passphrases in question. These passphrases are used to locally decrypt your private keys used in key-based authentication. The passphrase never leaves the local machine running ssh.

      The purpose of encrypting the keys in this manner is if someone gains access to your files they don't automatically gain access to the private key. If your system is already compromised an attacker can probably snoop the key and/or passphrase when you decrypt it, so the threat is pretty much limited to scenarios where someone physically steals your backup tapes. That still may be worth worrying about: you probably don't want a stolen backup tape to mean the thief can now successfully authenticate on the live system.