[19279] in bugtraq
Re: SSH1 key recovery patch
daemon@ATHENA.MIT.EDU (Pavel Machek)
Mon Feb 19 18:43:45 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20010218183604.B174@bug.ucw.cz>
Date: Sun, 18 Feb 2001 18:36:04 +0100
Reply-To: Pavel Machek <pavel@UCW.CZ>
From: Pavel Machek <pavel@UCW.CZ>
X-To: =?iso-8859-1?Q?Iv=E1n_Arce?= <core.lists.bugtraq@CORE-SDI.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: =?iso-8859-1?Q?=3C108a01c0961a$52872ac0$2e58a8c0=40ffornicario=3E=3B_fro?=
=?iso-8859-1?Q?m_Iv=E1n_Arce_on_Tue=2C_Feb_13=2C_2001_at_09:13:58PM_-030?=
=?iso-8859-1?Q?0?=
Hi!
> --- rsaglue.c Wed Jan 17 11:42:52 2001
> +++ rsaglue.c Tue Feb 13 16:05:33 2001
> @@ -264,8 +264,10 @@
> mpz_clear(&aux);
>
> if (value[0] != 0 || value[1] != 2)
> + {
> + kill(getppid(),SIGALRM);
> fatal("Bad result from rsa_private_decrypt");
> -
> + }
> for (i = 2; i < len && value[i]; i++)
> ;
>
> --- sshd.c Wed Jan 17 11:42:53 2001
> +++ sshd.c Tue Feb 13 16:05:15 2001
> @@ -757,9 +757,11 @@
>
> RETSIGTYPE key_regeneration_alarm(int sig)
> {
> + static time_t last_keygen_time=0;
> /* Check if we should generate a new key. */
> - if (key_used)
> - {
> + if (key_used && (time(NULL) - last_keygen_time > 60))
> + {
> + last_keygen_time = time(NULL);
> /* This should really be done in the background. */
> log_msg("Generating new %d bit RSA key.", options.server_key_bits);
>
> random_acquire_light_environmental_noise(&sensitive_data.random_state);
This is still not good.
You changed time from hour to minute+time it takes for signal to be
delivered. That only means faster server is needed for this to be
exploitable.
Pavel
--
I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss@linmodems.org
