LINUX.IE, website of the Irish Linux Users' Group

[ILUG] SSH dictionary attacks.

paul at clubi.ie paul at clubi.ie
Tue Aug 29 18:33:07 IST 2006


On Tue, 29 Aug 2006, Harry Duncan wrote:

> schemes exist for the generation of _meaningful_ collisions in 
> both MD5 and SHA1, the whole basis for trust, and trust paths / 
> chains is out the window.

That really depends on the mode they're used in...

The attacks require the attacker to control (in the sense of being able 
to modify arbitrarily) /both/ sets of data for which a collision is 
desired. There is still no known first or second preimage attack on 
either MD5 or SHA-1, TTBOMK.

For public-key and MAC mode signatures, this means the attack is only 
meaningful if the attacker knows the secret key (the digest value is 
immutable unless one knows the secret key) in which case, the 
weakness in the digest algo makes no difference.

- So are these digest algorithms now weak?

   Yes.

- Is any use of these algorithms now insecure?

   That depends, for certain uses:

   Yes.

   But for many *common* uses of these algorithms:

   No.

- Might the known weaknesses be extended in future to fully break
   these algos?

   Maybe, maybe not.

To paraphrase one notable cryptologist: "Walk, but no need yet to run 
in panic, to the exit".

See RFC4270 for a summary discussion of the implications of these 
attacks, co-authored by aforementioned notable cryptologist.

(note carefully that the PKIX attack does not affect the validity of
  signatures made with public keys in any way).

regards,
-- 
Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
Fortune:
He who attacks the fundamentals of the American broadcasting industry
attacks democracy itself.
 		-- William S. Paley, chairman of CBS
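An added illustration of the collision/preimage distinction made in the message above (this is example code, not from the thread, and it is not an attack on MD5 itself): MD5 truncated to 16 bits stands in for a weak digest so that both searches finish in well under a second. The victim message, the attacker's candidate strings and the demo key are all constructed for the example. It also shows the MAC-mode point: a collision found on the unkeyed digest does not carry over once the digest is keyed, because the attacker could not have evaluated the keyed function during the search without the key.

```python
"""Collision vs. second-preimage cost on a truncated digest.

Added example. MD5 cut down to TRUNC_BITS bits is a stand-in for a weak
hash so the searches are instant; the truncation is NOT a real MD5 attack.
"""
import hashlib
import hmac

TRUNC_BITS = 16                 # toy digest width: 2**16 = 65536 values
TRUNC_BYTES = TRUNC_BITS // 8

VICTIM_MESSAGE = b"Pay 10 EUR to Alice"      # constructed victim data
DEMO_KEY = b"demo-key-not-secret"            # constructed, for the MAC demo


def weak_digest(msg: bytes) -> bytes:
    """Unkeyed digest: anyone can evaluate it on inputs of their choosing."""
    return hashlib.md5(msg).digest()[:TRUNC_BYTES]


def keyed_digest(key: bytes, msg: bytes) -> bytes:
    """MAC-mode digest: cannot be evaluated without the secret key."""
    return hmac.new(key, msg, hashlib.md5).digest()[:TRUNC_BYTES]


def find_collision():
    """Birthday search where the attacker controls BOTH inputs.

    Expected cost is about sqrt(2**TRUNC_BITS) evaluations.
    Returns (m1, m2, evaluations) with m1 != m2 and equal digests.
    """
    seen = {}
    i = 0
    while True:
        m = b"attacker-chosen-%d" % i
        d = weak_digest(m)
        if d in seen:
            return seen[d], m, i + 1
        seen[d] = m
        i += 1


def find_preimage(target: bytes):
    """Second-preimage search: the victim fixed one input already, so the
    attacker may only vary the other. Expected cost is about 2**TRUNC_BITS
    evaluations, i.e. the square of the collision cost.
    Returns (m, evaluations) with weak_digest(m) == target.
    """
    i = 0
    while True:
        m = b"attacker-chosen-%d" % i
        if weak_digest(m) == target:
            return m, i + 1
        i += 1


def collision_survives_keying(key: bytes, m1: bytes, m2: bytes) -> bool:
    """Does an unkeyed collision also collide under the keyed digest?
    For an honest pair this is true only by chance (about 2**-TRUNC_BITS),
    because the search above never touched the keyed function."""
    return keyed_digest(key, m1) == keyed_digest(key, m2)


if __name__ == "__main__":
    m1, m2, n_c = find_collision()
    print(f"collision after {n_c} evaluations: {m1!r} / {m2!r}")
    target = weak_digest(VICTIM_MESSAGE)
    m, n_p = find_preimage(target)
    print(f"second preimage of {VICTIM_MESSAGE!r} after {n_p} evaluations: {m!r}")
    print(f"preimage/collision cost ratio: {n_p / n_c:.0f}x")
    print("collision still holds under HMAC with the key:",
          collision_survives_keying(DEMO_KEY, m1, m2))
```

Raising TRUNC_BITS by 8 multiplies the preimage cost by 256 but the collision cost only by 16, which is the whole reason a collision result on a digest says nothing by itself about signatures or MACs over data the attacker does not control.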


