Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <4832E82F.1020905@gmx.de>
Date: Tue, 20 May 2008 17:03:11 +0200
From: Matthias Andree <matthias.andree@....de>
To: oss-security@...ts.openwall.com
Subject: Re: OpenSSH key blacklisting

Solar Designer wrote:
> Not yet, but we (Openwall) are likely to have a patch within a few days,
> and this:

> On Sat, May 17, 2008 at 04:46:30PM +0200, Robert Buchholz wrote:

>> There has been approval of your idea inside Gentoo's hardened team.

> is one of the reasons for us to go for the effort.

Thank you.

For tossing in an end-users view, it is also likely of wider interest since
keys generated once may travel (floppy, USB stick, scp/rsync/ssh-add -L,
you name it), or systems being cross-"updated" to other operating systems
(into/out of Debian/Ubuntu) for instance, so it likely wouldn't hurt to
forward the whole blacklisting or at least check tools upstream once
everyone is happy with it.

It may take some convincing upstream maintainers to help with working
around a b0rkup issue that happend by a downstream distro, but anyways, I'd
like to do some sort of "ssh-vulnkey -a" on my SUSE boxen (perhaps after
some sanity checks such as making sure the file being read by this tool is
actually a regular file after opening it and things like that).

-- 
Matthias Andree

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.