Peter Gutmann wrote:
> Jacob Bachmeyer via cfarm-users <cfarm-users@lists.tetaneutral.net> writes:
>> 512-bit RSA is definitely breakable and should not be used for a long-term
>> key. 768 bits is also too short; 1024 is currently marginal and definitely
>> not suitable for a high-value target, but impersonating a cfarm host will not
>> get an attacker much other than (eventually) caught.
>
> In this case it's really just a nuisance (in terms of getting warnings about
> 512-bit keys), they're public machines that anyone can request an account on,
> used to test open-source software that anyone can get a copy of.

I agree that there is unlikely to be anything confidential on the cfarm
(maybe a patch in progress for an exploitable bug?), but that still
leaves integrity---an attacker could theoretically impersonate a cfarm
node in order to mislead a developer, but (again) I am unsure how the
attacker would profit from that.

Maybe attack the client by exploiting terminal emulator bugs? Still
pretty far-fetched.

Also, it seems to me that the host key on cfarm210 is 1024-bit, not 512-bit.

> [...]
> Same with the use of SHA-1, the attacks are chosen-prefix offline attacks
> which means the attacker gets to select the initial state and then spend as
> much time as they like on getting a collision, neither of which apply to SSH,
> TLS, IPsec, etc.

The one place I know of where SHA-1 is an actual current problem is
X.509 certificates---note well: the certificates, not the TLS
connections that they are used to secure. Of course, since TLS /uses/
X.509 certificates for authentication, the distinction has a nasty
tendency to get overlooked.

> So apart from the nuisance warnings there's not much need to do anything,
> particularly if they're older systems that would be problematic to move to
> newer SSH versions.

I am not asking for the sshd to be replaced; only for a longer host key
to be installed if the older sshd already has support for it but used a
shorter key as a default. It is not like these are embedded systems
with tiny processors that can barely manage 512-bit RSA.

-- Jacob
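
Added example, not part of the original message and not cfarm code: the 512-bit versus 1024-bit question raised above can be settled by reading the modulus length out of the host's `ssh-rsa` public key line (a `.pub` file or `ssh-keyscan` output). The sample keys are constructed placeholders rather than real keys, and the bucket edges in `rate` are an assumption built from the sizes named in the thread.

```python
import base64
import struct

def read_string(buf, off):
    """Read one RFC 4251 'string': uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated field body")
    return buf[off:off + n], off + n

def rsa_host_key_bits(line):
    """Modulus size in bits from '[host] ssh-rsa AAAA... [comment]'."""
    fields = line.split()
    if "ssh-rsa" not in fields[:-1]:
        raise ValueError("no ssh-rsa key on this line")
    blob = base64.b64decode(fields[fields.index("ssh-rsa") + 1], validate=True)
    alg, off = read_string(blob, 0)
    if alg != b"ssh-rsa":
        raise ValueError("algorithm name inside blob does not match")
    _e, off = read_string(blob, off)   # public exponent (mpint), not needed here
    n, off = read_string(blob, off)    # modulus (mpint)
    # mpints are signed, so a modulus with its top bit set carries a leading
    # 0x00 byte; converting to int and taking bit_length() ignores it.
    return int.from_bytes(n, "big").bit_length()

def rate(bits):
    # Labels are the ones used in the message above; bucket edges are an assumption.
    for limit, label in ((512, "breakable"), (768, "too short"), (1024, "marginal")):
        if bits <= limit:
            return label
    return "longer than the sizes discussed"

def mpint(x):
    # Minimal positive mpint: one spare byte keeps the sign bit clear.
    return x.to_bytes(x.bit_length() // 8 + 1, "big")

def sample_line(bits):
    # Constructed placeholder modulus with the top bit set; NOT a usable RSA key.
    n = (1 << (bits - 1)) | 1
    parts = [b"ssh-rsa", mpint(65537), mpint(n)]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    for bits in (512, 768, 1024, 2048):
        print(bits, rate(rsa_host_key_bits(sample_line(bits))))
```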