From owner-freebsd-security@FreeBSD.ORG Wed Aug 9 13:27:53 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8F65A16A4DE for ; Wed, 9 Aug 2006 13:27:53 +0000 (UTC) (envelope-from fwaggle@hungryhacker.com) Received: from smtp106.sbc.mail.re2.yahoo.com (smtp106.sbc.mail.re2.yahoo.com [68.142.229.99]) by mx1.FreeBSD.org (Postfix) with SMTP id E21BD43D67 for ; Wed, 9 Aug 2006 13:27:49 +0000 (GMT) (envelope-from fwaggle@hungryhacker.com) Received: (qmail 7973 invoked from network); 9 Aug 2006 13:27:49 -0000 Received: from unknown (HELO ?192.168.0.4?) (elggawf@sbcglobal.net@71.156.86.203 with plain) by smtp106.sbc.mail.re2.yahoo.com with SMTP; 9 Aug 2006 13:27:48 -0000 Message-ID: <44D9E348.3060604@hungryhacker.com> Date: Wed, 09 Aug 2006 09:29:44 -0400 From: fwaggle User-Agent: Thunderbird 1.5.0.5 (Windows/20060719) MIME-Version: 1.0 To: Brooks Davis References: <44D922E0.5050005@FreeBSD.org> <20060809071735.71840.qmail@web30310.mail.mud.yahoo.com> <20060809130842.GA7832@lor.one-eyed-alien.net> In-Reply-To: <20060809130842.GA7832@lor.one-eyed-alien.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org Subject: Re: seeding dev/random in 5.5 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Aug 2006 13:27:53 -0000 Brooks Davis wrote: > On Wed, Aug 09, 2006 at 12:17:35AM -0700, R. B. Riddick wrote: >> --- Doug Barton wrote: [snip] >> * I received a private communication yesterday about this matter. But the list >> did not. I will cite (not litterally) a little bit out of that message: Since >> you do not know anything about the remotely created host-key, u cannot connect >> safely to the freshly installed box, because: You do not even know the >> signature of the new host-key, so that if u connect to the wrong box u would >> not even known. Workaround: You could give all hosts the same well-known >> host-key (via your install-image-CD) and then u could change the host-key in a >> remotely controlled way individually and note down the signature? Maybe my >> secret informer (lets call him Rasmus or RK) wants to come public... :-) > > These are valid if probably overly paranoid points. :) [/snip] i have a question. perhaps i'm misunderstanding something with how SSH works, but how would having a "standard freebsd private key" benefit anyone? if you wanted to impersonate a newly installed freebsd machine, then all you'd need is that freely-available private key. plus you'd get a bunch of clueless admins who had their machines installed by a dedicated server provider, and who'd never change their host key, which would effectively ruin SSH for their purposes. unless i've seriously missed the boat somewhere (it's happened before!) i think a better solution would still be random key generation with a nice little option to email the key signature somewhere that the new admin could pick it up. it's still fraught with impersonation danger for the paranoid, but imo it's a better idea than having a not-so-private key on install. -- fwaggle