Subject: RFC 8332
From: Jean F. Martinelle
Newsgroups: comp.security.ssh
Organization: albasani.net
Date: Mon, 24 Feb 2020 20:30 UTC
Message-ID: <r31bp9$rhr$1@news.albasani.net>
I sent this to the wrong forum by mistake.

I am looking into RFC 8332, where the RSA-based host key algorithms
that use SHA-2 are defined. I find the following paragraph in that
document confusing:

"All aspects of the "ssh-rsa" format are kept, including the
encoded string "ssh-rsa".  This allows existing RSA keys to be used with
the new public key algorithms, without requiring re-encoding or affecting
already trusted key fingerprints."

There are new identifiers for the RSA-based algorithms that use
SHA-2: "rsa-sha2-256" and "rsa-sha2-512". From this I gather that when a
client specifies preference for (say) "rsa-sha2-256", the server will
offer an RSA host key with a SHA-256 algorithm for digests. If the client
prefers "ssh-rsa", I would have thought that the server would use an RSA
key and the SHA-1 algorithm.

My first assumption seems to be borne out by the second sentence
in the paragraph above. What is throwing me a bit off balance is the
"including the encoded string "ssh-rsa"" part of the first sentence.

I believe that, in essence, what the authors meant is that
"ssh-rsa" will be the same as before - i.e. RSA with SHA-1 - and that the RSA
key used for "ssh-rsa" can be used, without any changes to the key itself,
with "rsa-sha2-256" and "rsa-sha2-512".

Is this the correct interpretation?


Subject: Re: RFC 8332
From: Simon Tatham
Newsgroups: comp.security.ssh
Date: Mon, 24 Feb 2020 21:01 UTC
References: 1
Message-ID: <mhj*V5qLx@news.chiark.greenend.org.uk>
References: <r31bp9$rhr$1@news.albasani.net>
Jean F. Martinelle <JFMart@overthere.com> wrote:
> I believe that, in essence, what the authors meant is that
> "ssh-rsa" will be the same as before - i.e. RSA with SHA-1 - and that the RSA
> key used for "ssh-rsa" can be used, without any changes to the key itself,
> with "rsa-sha2-256" and "rsa-sha2-512".
>
> Is this the correct interpretation?

Yes, I agree with all that. If the client and server agree on one of
the new host key algorithm names, say "rsa-sha2-256", then the string
"rsa-sha2-256" will appear in the wire encoding of the _signature_,
but the wire encoding of the _key_ will still begin with the string
"ssh-rsa", because it will be the same key that would be used for
original SHA-1-based signatures.
--
import hashlib; print((lambda p,q,g,y,r,s,m: (lambda w:(pow(g,int(hashlib.sha1(
m.encode('ascii')).hexdigest(),16)*w%q,p)*pow(y,r*w%q,p)%p)%q)(pow(s,q-2,q))==r
and m)(0xb80b5dacabab6145,0xf70027d345023,0x7643bc4018957897,0x11c2e5d9951130c9
,0xa54d9cbe4e8ab,0x746c50eaa1910,      "Simon Tatham <anakin@pobox.com>"     ))
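The following Python is an added example, not part of either post and not code from PuTTY or any other SSH implementation. It builds the two wire structures Simon contrasts: the RFC 4253 "ssh-rsa" public key blob (string "ssh-rsa", mpint e, mpint n) and the signature blob whose leading string names the algorithm actually used. A toy 1024-bit RSA key is generated inline (an assumption of the example; standard library only, RSASSA-PKCS1-v1_5 padding as RFC 8332 specifies), a constructed stand-in for the exchange hash H is signed under all three names, and the checks show that the key blob and its SHA256 fingerprint never change, while a SHA-1 signature relabelled as "rsa-sha2-256" is rejected because the verifier picks its hash from the signature's name, not from the key.

```python
"""Added example (not from the thread or any SSH code): one "ssh-rsa" key blob
signed under ssh-rsa, rsa-sha2-256 and rsa-sha2-512.  Stdlib only; toy RSA key."""
import base64, hashlib, hmac, math, secrets, struct

# RFC 4251 wire types.
def ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b

def ssh_mpint(n: int) -> bytes:
    b = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    if b and b[0] & 0x80:  # mpint is two's complement: keep the sign bit clear
        b = b"\x00" + b
    return ssh_string(b)

def read_string(buf: bytes, off: int):
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

# Toy RSA key generation (Miller-Rabin); never make a real key this way.
def is_probable_prime(n: int, rounds: int = 32) -> bool:
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_rsa(bits: int = 1024, e: int = 65537):
    def prime(b):
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1
            if is_probable_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return p * q, e, pow(e, -1, phi)

# RFC 4253 6.6 key blob: string "ssh-rsa", mpint e, mpint n.  RFC 8332 keeps
# this for all three algorithms, so the fingerprint is unchanged too.
def ssh_rsa_key_blob(n: int, e: int) -> bytes:
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def fingerprint(key_blob: bytes) -> str:  # OpenSSH-style SHA256:<base64>
    return "SHA256:" + base64.b64encode(hashlib.sha256(key_blob).digest()).decode().rstrip("=")

# Signature name -> (hash, DER DigestInfo prefix from RFC 8017 9.2).
# The name travels in the signature blob; the key blob still says "ssh-rsa".
DIGESTINFO = {
    "ssh-rsa":      ("sha1",   bytes.fromhex("3021300906052b0e03021a05000414")),
    "rsa-sha2-256": ("sha256", bytes.fromhex("3031300d060960864801650304020105000420")),
    "rsa-sha2-512": ("sha512", bytes.fromhex("3051300d060960864801650304020305000440")),
}

def emsa_pkcs1_v15(alg: str, msg: bytes, k: int) -> bytes:
    hname, prefix = DIGESTINFO[alg]
    t = prefix + hashlib.new(hname, msg).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too small for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(alg: str, n: int, d: int, msg: bytes) -> bytes:
    # Signature blob: string <alg name>, string <RSASSA-PKCS1-v1_5 value>.
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15(alg, msg, k), "big")
    return ssh_string(alg.encode()) + ssh_string(pow(m, d, n).to_bytes(k, "big"))

def verify(key_blob: bytes, sig_blob: bytes, msg: bytes) -> bool:
    # Key type must be "ssh-rsa"; the hash is chosen by the signature's name.
    key_type, off = read_string(key_blob, 0)
    if key_type != b"ssh-rsa":
        return False
    e_bytes, off = read_string(key_blob, off)
    n_bytes, _ = read_string(key_blob, off)
    e, n = int.from_bytes(e_bytes, "big"), int.from_bytes(n_bytes, "big")
    alg_bytes, off = read_string(sig_blob, 0)
    s, _ = read_string(sig_blob, off)
    alg, k = alg_bytes.decode("ascii", "replace"), (n.bit_length() + 7) // 8
    if alg not in DIGESTINFO or len(s) != k:
        return False
    em = pow(int.from_bytes(s, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, emsa_pkcs1_v15(alg, msg, k))

def demo() -> dict:
    n, e, d = gen_rsa()
    key = ssh_rsa_key_blob(n, e)
    msg = b"constructed stand-in for the exchange hash H"  # not a real H
    sigs = {alg: sign(alg, n, d, msg) for alg in DIGESTINFO}
    # Relabel the SHA-1 signature as rsa-sha2-256: same key, wrong hash.
    _, off = read_string(sigs["ssh-rsa"], 0)
    relabelled = ssh_string(b"rsa-sha2-256") + sigs["ssh-rsa"][off:]
    return {
        "key_type": read_string(key, 0)[0].decode(),
        "fingerprint": fingerprint(key),
        "sig_names": {a: read_string(s, 0)[0].decode() for a, s in sigs.items()},
        "verified": {a: verify(key, s, msg) for a, s in sigs.items()},
        "relabelled_verifies": verify(key, relabelled, msg),
    }
```

Calling demo() returns "key_type" as "ssh-rsa" and one fingerprint regardless of which signature name was negotiated, "sig_names" equal to the algorithm each signature was made with, every genuine signature verifying, and "relabelled_verifies" False. A real client should apply the same rule the verify() function does: trust the key's "ssh-rsa" tag only as a key type, and take the hash from the algorithm name that was negotiated and that the signature blob carries.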

