[Cryptography] What's a Plausible Attack On Random Number Generation?
Nico Williams
nico at cryptonector.com
Fri Nov 1 19:08:29 EDT 2013
On Fri, Nov 01, 2013 at 01:45:06PM -0700, John Denker wrote:

> On 11/01/2013 04:04 AM, Yaron Sheffer wrote:
> > Looks very much like an "implement it, standardize it and forget it"
> > kind of thing to me.
>
> Alas, that leaves important parts of the problem unsolved. We
> cannot "forget it" until we solve the whole problem.
>
> For example: SSH has to cut host keys when it is first used
> (if not before). This requires a lot of high-quality randomly-

An ssh-scan is still a first use from the point of view of the service.
And from the point of view of the user doing the scan.

> distributed bits. There are a gazillion scenarios where this
> has to happen /before/ the first DHCP happens. For example,
> I might need to "ssh root at localhost" in order to configure DHCP.

Hmmmm, well, ssh to localhost should be special. If you're connecting
to / accepting on 127.0.0.1:22 or ::1:22 then the client a) shouldn't
care what the host key is, b) if the server doesn't yet have a key then
it could generate one for just this use and not any others.

(And, for ssh w/ GSS, ssh to localhost should replace "localhost" with
the host's hostname.)

It's a bug that ssh to localhost:22 is not special.
Nico
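The post argues that a client connecting to 127.0.0.1:22 or ::1:22 is talking to its own machine and need not verify the server host key there. The following is an added example, not code from this thread or from any SSH implementation, showing how a client might recognise such loopback targets (127.0.0.0/8, ::1, the IPv4-mapped form ::ffff:127.0.0.1, the bracketed form "[::1]", and the literal names "localhost"/"localhost.localdomain") and pick a host-key policy only for the port-22 case the post describes; the function names, the policy strings and the name set are assumptions for illustration.

```python
import ipaddress

# Assumed (constructed for this example): names a client treats as itself
# without resolving them; anything else gets the normal verification path.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def is_loopback_target(host: str) -> bool:
    """Return True when an SSH target string refers to the local machine.

    Handles IPv4 loopback (all of 127.0.0.0/8), the IPv6 loopback ::1,
    IPv4-mapped IPv6 loopback (::ffff:127.x.x.x), bracketed IPv6 literals
    such as "[::1]", and the well-known loopback hostnames. A hostname that
    is not an IP literal is NOT resolved here: it is reported as non-local so
    that the caller falls back to ordinary host-key verification.
    """
    h = host.strip().lower()
    if h.startswith("[") and h.endswith("]"):
        h = h[1:-1]  # "[::1]" -> "::1"
    if h in LOOPBACK_NAMES:
        return True
    try:
        addr = ipaddress.ip_address(h)
    except ValueError:
        return False  # a DNS name, not an address literal: verify as usual
    # ::ffff:127.0.0.1 embeds an IPv4 loopback address; unwrap it so the
    # decision is made on the inner IPv4 address.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_loopback


def host_key_policy(host: str, port: int = 22) -> str:
    """Decide the client's host-key policy for a target (assumed policy names).

    'accept-local-key': the target is this machine on the standard SSH port,
                        so the key presented is, by construction, our own.
    'verify':           everything else goes through known_hosts checking.
    """
    if port == 22 and is_loopback_target(host):
        return "accept-local-key"
    return "verify"


if __name__ == "__main__":
    # Constructed sample targets, as a user or a scan might type them.
    for target, port in [("127.0.0.1", 22), ("::1", 22), ("[::1]", 22),
                         ("localhost", 22), ("127.200.1.1", 22),
                         ("::ffff:127.0.0.1", 22), ("10.0.0.5", 22),
                         ("example.org", 22), ("::1", 2222)]:
        print(f"{target}:{port} -> {host_key_policy(target, port)}")
```

The port check matters: the post only exempts the standard port on the loopback address, so a service forwarded to localhost:2222 (which may be a tunnel to some other machine) still gets the normal known_hosts treatment.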