View Single Post
  #1   (View Single Post)  
Old 4th August 2018
e1-531g e1-531g is offline
ISO Quartermaster
Join Date: Mar 2014
Posts: 508
Default The default OpenSSH key encryption is worse than plaintext

I don't know whether this applies to OpenBSD, because this blog post explained things using openssh-portable as an example.
Title is also slightly clickbait-ish.

You can tell it’s encrypted because it says so right there. It also doesn’t start with MII – the base64 DER clue that an RSA key follows. And AES! That’s good, right? CBC with ostensibly a random IV, even! No MAC, but without something like a padding oracle to try modified ciphertexts on, so that might be OK?

It’s tricky to find out what this DEK-Info stuff means. Searching the openssh-portable repo for the string DEK-Info only shows sample keys. The punchline is that the AES key is just MD5(password || IV[:8]).

I always used KeePass/KeePassX to generate unique passwords and manage passwords to private SSH key files.
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote