[ILUG] SSH dictionary attacks.
paul at clubi.ie
Tue Aug 29 18:33:07 IST 2006
On Tue, 29 Aug 2006, Harry Duncan wrote:
> schemes exist for the generation of _meaningful_ collisions in
> both MD5 and SHA1, the whole basis for trust, and trust paths /
> chains is out the window.
That really depends on the mode they're used in...
The attacks require the attacker to control (in sense of being able
to modify arbitrarily) /both/ sets of data for which a collision is
desired. There is still no known first or second preimage attack on
either MD5 or SHA-1, TTBOMK.
For public-key and MAC mode signatures, this means the attack is only
meaningful if the attacker knows the secret key (the digest value is
immutable unless one knows the secret key) in which case, the
weakness in the digest algo makes no difference.
- So are these digest algorithms now weak?
Yes.
- Is any use of these algorithms now insecure?
That depends, for certain uses:
Yes.
But for many *common* uses of these algorithms:
No.
- Might the known weaknesses be extended in future to fully break
these algos?
Maybe, maybe not.
To paraphrase one notable cryptologist: "Walk, but no need yet to run
in panic, to the exit".
See RFC4270 for a summary discussion of the implications of these
attacks, co-authored by aforementioned notable cryptologist.
(note carefully that the PKIX attack does not affect the validity of
signatures made with public keys in any way).
regards,
--
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
Fortune:
He who attacks the fundamentals of the American broadcasting industry
attacks democracy itself.
-- William S. Paley, chairman of CBS
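An added illustration, not part of Paul's message or the ILUG thread: a Python toy (SHA-1 truncated to 16 bits, with a constructed key and sample message) that makes the three cases in the message concrete. A birthday collision where the attacker controls both messages is cheap; a second preimage against a digest fixed by someone else costs roughly the square of that; and under a keyed digest (HMAC) the collision pair no longer collides, and the search itself can only be run by whoever holds the key.

```python
import hashlib
import hmac

# Constructed toy setting: only the top N_BITS of SHA-1 are kept so that both
# searches finish in well under a second.  Real MD5/SHA-1 are 128/160 bits wide;
# what carries over is the ratio of the two costs and the role of the key.
N_BITS = 16
SHIFT = 160 - N_BITS

def toy_hash(data: bytes) -> int:
    """Unkeyed digest: anyone can evaluate it, so anyone can search for collisions."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big") >> SHIFT

def toy_mac(key: bytes, data: bytes) -> int:
    """Keyed digest (HMAC-SHA1 truncated to N_BITS): not computable without the key."""
    return int.from_bytes(hmac.new(key, data, hashlib.sha1).digest(), "big") >> SHIFT

def find_collision(digest, max_tries=1 << 20):
    """Birthday search: the attacker chooses BOTH messages and needs any pair with
    equal digests.  Expected cost is about 2**(N_BITS/2) evaluations of digest()."""
    seen = {}
    for i in range(max_tries):
        m = b"msg-%d" % i
        h = digest(m)
        if h in seen:
            return seen[h], m
        seen[h] = m
    raise RuntimeError("no collision within budget")

def find_second_preimage(digest, target: int, max_tries=1 << 24):
    """Second-preimage search: the digest is FIXED by a message the attacker did
    not choose.  Expected cost is about 2**N_BITS evaluations, the square of above."""
    for i in range(max_tries):
        m = b"forge-%d" % i
        if digest(m) == target:
            return m
    raise RuntimeError("no second preimage within budget")

def demo(key: bytes = b"constructed-secret-key"):
    """Run the three scenarios from the message; key is a constructed sample value."""
    # 1. Unkeyed hash, attacker controls both inputs: cheap (the published attacks).
    m1, m2 = find_collision(toy_hash)
    # 2. Unkeyed hash, one input fixed by the victim: brute force only, no shortcut.
    victim = b"original signed document"          # constructed sample input
    forgery = find_second_preimage(toy_hash, toy_hash(victim))
    # 3. Keyed digest: the hash collision does not carry over (HMAC hashes from a
    #    key-derived state), and the birthday search itself needs the key to run.
    carries_over = toy_mac(key, m1) == toy_mac(key, m2)
    k1, k2 = find_collision(lambda m: toy_mac(key, m))  # only the key holder can
    return {"hash_pair": (m1, m2), "forgery": forgery,
            "hash_pair_collides_under_mac": carries_over, "keyed_pair": (k1, k2)}
```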