You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by Guillaume Nodet <gn...@apache.org> on 2014/10/13 17:52:24 UTC
Re: fallback to weaker DH algorithms, moduli file integrity and generating
How do you plan to change sshd to use this class ?
2014-10-13 17:07 GMT+02:00 Pawel Sm7 <pa...@gmail.com>:
> Hello,
>
> Please find attached proposal of moduli fingerprint functionality.
>
> Please let me know if you have any comments and if you plan add this
> functionality to Apache Mina SSHD.
>
> Regards,
>
> Pawel
>
>
> 2014-04-30 16:36 GMT+02:00 Pawel Sm7 <pa...@gmail.com>:
> > Hello,
> >
> > I have 3 issues I would like to discuss.
> >
> > 1. Handling error scenarios if Prime cannot be found.
> > Mina does not support fallback to weaker Diffie-Hellman algorithm if
> Prime
> > cannot be found.
> >
> > The failure approach of fall-thru to weaker Diffie-Hellman algorithm,
> e.g.
> > Group14 (embedded within the Code) if Prime cannot be found, either due
> to
> > MODULI File Access Errors or Prime Not Found in the File, is the typical
> > approach of most SSH Server Implementations.
> > OpenSSH follows this paradigm. Also it would help in communications
> > robustness.
> > It would be also nice to have a log event when the fallback happens.
> > Do you agree that this is an issue? When could it be implemented?
> >
> > 2. Moduli file integrity handling.
> > Could you create e.g. a SHA-256 hash fingerprint of the moduli file
> > contents, store it somewhere and add validation of moduli file using the
> > fingerprint.
> > This way we can deal with unauthorized tampering of moduli file. It is
> > potential security issue.
> >
> > 3. Moduli file generator
> > Is there a roadmap to add a moduli generator so that there’s full support
> > for group exchange generation and usage within Mina?
> > e.g. Primes could be regenerated also when moduli file is corrupted.
> >
> >
> > Regards,
> >
> > Pawel
>
Re: fallback to weaker DH algorithms, moduli file integrity and generating
Posted by Pawel Sm7 <pa...@gmail.com>.
Hello,
I would like to get back to the fingerprint validation - no problem
with adding properties to ServerFactoryManager.
I can create JIRA issue for that and create the code.
When the code will be ready, should I just send it to you? (I am not
the MINA committer).
Regards,
Pawel
2014-10-16 23:35 GMT+02:00 Guillaume Nodet <gn...@apache.org>:
> I'm quite reluctant to add code which is completely unused.
> I think it should be possible to modify the DHGEX class to leverage that
> code if a boolean property is set on the ServerFactoryManager.
> Something like MODULI_CHECK_FINGERPRINT and also a MODULI_FINGERPRINT_SALT
> and MODULI_FINGERPRINT_URL maybe.
> If the first one is true, then use the code you pasted below to actually
> verify the fingerprints, else simply ignore it.
>
> If you're wiling to work on that, please create a JIRA issue.
>
> 2014-10-15 16:53 GMT+02:00 Pawel Sm7 <pa...@gmail.com>:
>
>> Hello,
>>
>> My plan would be not to change Mina SSHD existing classes, but give
>> people using Mina SSHD a new class to use fingerprints if needed.
>>
>>
>>
>> It could be used e.g.:
>>
>> In org.apache.sshd.server.kex.DHGEX:
>>
>> private DH chooseDH(int min, int prf, int max) throws Exception {
>> ModuliFingerprint mf = new ModuliFingerprint();
>> mf.setSalt(.....);
>>
>> try {
>> mf.checkModuliFingerprint(MODULI_FILE, MODULI_FINGERPRINT);
>> } catch (Exception e) {
>> throw e;
>> }
>> ......
>>
>> Here if moduli was tampered, fingerprints do not match and exception
>> is generated. SSHD is not started.
>>
>> Earlier you need to generate fingerprint for the existing moduli file
>> using createModuliFingerprint() method.
>>
>>
>> I didn't want to update Mina SSHD existing classes because everyone
>> who wants to use fingerprints needs to generate its own secret salt
>> using setSalt() method as in the example above. It has to be secret,
>> so I did not want to force existing SSHD classes to use fingerprints.
>>
>> Please let me know your opinion.
>>
>> Regards,
>>
>> Pawel
>>
>>
>>
>> 2014-10-13 17:52 GMT+02:00 Guillaume Nodet <gn...@apache.org>:
>> > How do you plan to change sshd to use this class ?
>> >
>> > 2014-10-13 17:07 GMT+02:00 Pawel Sm7 <pa...@gmail.com>:
>> >
>> >> Hello,
>> >>
>> >> Please find attached proposal of moduli fingerprint functionality.
>> >>
>> >> Please let me know if you have any comments and if you plan add this
>> >> functionality to Apache Mina SSHD.
>> >>
>> >> Regards,
>> >>
>> >> Pawel
>> >>
>> >>
>> >> 2014-04-30 16:36 GMT+02:00 Pawel Sm7 <pa...@gmail.com>:
>> >> > Hello,
>> >> >
>> >> > I have 3 issues I would like to discuss.
>> >> >
>> >> > 1. Handling error scenarios if Prime cannot be found.
>> >> > Mina does not support fallback to weaker Diffie-Hellman algorithm if
>> >> Prime
>> >> > cannot be found.
>> >> >
>> >> > The failure approach of fall-thru to weaker Diffie-Hellman algorithm,
>> >> e.g.
>> >> > Group14 (embedded within the Code) if Prime cannot be found, either
>> due
>> >> to
>> >> > MODULI File Access Errors or Prime Not Found in the File, is the
>> typical
>> >> > approach of most SSH Server Implementations.
>> >> > OpenSSH follows this paradigm. Also it would help in communications
>> >> > robustness.
>> >> > It would be also nice to have a log event when the fallback happens.
>> >> > Do you agree that this is an issue? When could it be implemented?
>> >> >
>> >> > 2. Moduli file integrity handling.
>> >> > Could you create e.g. a SHA-256 hash fingerprint of the moduli file
>> >> > contents, store it somewhere and add validation of moduli file using
>> the
>> >> > fingerprint.
>> >> > This way we can deal with unauthorized tampering of moduli file. It is
>> >> > potential security issue.
>> >> >
>> >> > 3. Moduli file generator
>> >> > Is there a roadmap to add a moduli generator so that there’s full
>> support
>> >> > for group exchange generation and usage within Mina?
>> >> > e.g. Primes could be regenerated also when moduli file is corrupted.
>> >> >
>> >> >
>> >> > Regards,
>> >> >
>> >> > Pawel
>> >>
>>
Re: fallback to weaker DH algorithms, moduli file integrity and generating
Posted by Guillaume Nodet <gn...@apache.org>.
I'm quite reluctant to add code which is completely unused.
I think it should be possible to modify the DHGEX class to leverage that
code if a boolean property is set on the ServerFactoryManager.
Something like MODULI_CHECK_FINGERPRINT and also a MODULI_FINGERPRINT_SALT
and MODULI_FINGERPRINT_URL maybe.
If the first one is true, then use the code you pasted below to actually
verify the fingerprints, else simply ignore it.
If you're wiling to work on that, please create a JIRA issue.
2014-10-15 16:53 GMT+02:00 Pawel Sm7 <pa...@gmail.com>:
> Hello,
>
> My plan would be not to change Mina SSHD existing classes, but give
> people using Mina SSHD a new class to use fingerprints if needed.
>
>
>
> It could be used e.g.:
>
> In org.apache.sshd.server.kex.DHGEX:
>
> private DH chooseDH(int min, int prf, int max) throws Exception {
> ModuliFingerprint mf = new ModuliFingerprint();
> mf.setSalt(.....);
>
> try {
> mf.checkModuliFingerprint(MODULI_FILE, MODULI_FINGERPRINT);
> } catch (Exception e) {
> throw e;
> }
> ......
>
> Here if moduli was tampered, fingerprints do not match and exception
> is generated. SSHD is not started.
>
> Earlier you need to generate fingerprint for the existing moduli file
> using createModuliFingerprint() method.
>
>
> I didn't want to update Mina SSHD existing classes because everyone
> who wants to use fingerprints needs to generate its own secret salt
> using setSalt() method as in the example above. It has to be secret,
> so I did not want to force existing SSHD classes to use fingerprints.
>
> Please let me know your opinion.
>
> Regards,
>
> Pawel
>
>
>
> 2014-10-13 17:52 GMT+02:00 Guillaume Nodet <gn...@apache.org>:
> > How do you plan to change sshd to use this class ?
> >
> > 2014-10-13 17:07 GMT+02:00 Pawel Sm7 <pa...@gmail.com>:
> >
> >> Hello,
> >>
> >> Please find attached proposal of moduli fingerprint functionality.
> >>
> >> Please let me know if you have any comments and if you plan add this
> >> functionality to Apache Mina SSHD.
> >>
> >> Regards,
> >>
> >> Pawel
> >>
> >>
> >> 2014-04-30 16:36 GMT+02:00 Pawel Sm7 <pa...@gmail.com>:
> >> > Hello,
> >> >
> >> > I have 3 issues I would like to discuss.
> >> >
> >> > 1. Handling error scenarios if Prime cannot be found.
> >> > Mina does not support fallback to weaker Diffie-Hellman algorithm if
> >> Prime
> >> > cannot be found.
> >> >
> >> > The failure approach of fall-thru to weaker Diffie-Hellman algorithm,
> >> e.g.
> >> > Group14 (embedded within the Code) if Prime cannot be found, either
> due
> >> to
> >> > MODULI File Access Errors or Prime Not Found in the File, is the
> typical
> >> > approach of most SSH Server Implementations.
> >> > OpenSSH follows this paradigm. Also it would help in communications
> >> > robustness.
> >> > It would be also nice to have a log event when the fallback happens.
> >> > Do you agree that this is an issue? When could it be implemented?
> >> >
> >> > 2. Moduli file integrity handling.
> >> > Could you create e.g. a SHA-256 hash fingerprint of the moduli file
> >> > contents, store it somewhere and add validation of moduli file using
> the
> >> > fingerprint.
> >> > This way we can deal with unauthorized tampering of moduli file. It is
> >> > potential security issue.
> >> >
> >> > 3. Moduli file generator
> >> > Is there a roadmap to add a moduli generator so that there’s full
> support
> >> > for group exchange generation and usage within Mina?
> >> > e.g. Primes could be regenerated also when moduli file is corrupted.
> >> >
> >> >
> >> > Regards,
> >> >
> >> > Pawel
> >>
>
Re: fallback to weaker DH algorithms, moduli file integrity and generating
Posted by Pawel Sm7 <pa...@gmail.com>.
Hello,
My plan would be not to change Mina SSHD existing classes, but give
people using Mina SSHD a new class to use fingerprints if needed.
It could be used e.g.:
In org.apache.sshd.server.kex.DHGEX:
private DH chooseDH(int min, int prf, int max) throws Exception {
ModuliFingerprint mf = new ModuliFingerprint();
mf.setSalt(.....);
try {
mf.checkModuliFingerprint(MODULI_FILE, MODULI_FINGERPRINT);
} catch (Exception e) {
throw e;
}
......
Here if moduli was tampered, fingerprints do not match and exception
is generated. SSHD is not started.
Earlier you need to generate fingerprint for the existing moduli file
using createModuliFingerprint() method.
I didn't want to update Mina SSHD existing classes because everyone
who wants to use fingerprints needs to generate its own secret salt
using setSalt() method as in the example above. It has to be secret,
so I did not want to force existing SSHD classes to use fingerprints.
Please let me know your opinion.
Regards,
Pawel
2014-10-13 17:52 GMT+02:00 Guillaume Nodet <gn...@apache.org>:
> How do you plan to change sshd to use this class ?
>
> 2014-10-13 17:07 GMT+02:00 Pawel Sm7 <pa...@gmail.com>:
>
>> Hello,
>>
>> Please find attached proposal of moduli fingerprint functionality.
>>
>> Please let me know if you have any comments and if you plan add this
>> functionality to Apache Mina SSHD.
>>
>> Regards,
>>
>> Pawel
>>
>>
>> 2014-04-30 16:36 GMT+02:00 Pawel Sm7 <pa...@gmail.com>:
>> > Hello,
>> >
>> > I have 3 issues I would like to discuss.
>> >
>> > 1. Handling error scenarios if Prime cannot be found.
>> > Mina does not support fallback to weaker Diffie-Hellman algorithm if
>> Prime
>> > cannot be found.
>> >
>> > The failure approach of fall-thru to weaker Diffie-Hellman algorithm,
>> e.g.
>> > Group14 (embedded within the Code) if Prime cannot be found, either due
>> to
>> > MODULI File Access Errors or Prime Not Found in the File, is the typical
>> > approach of most SSH Server Implementations.
>> > OpenSSH follows this paradigm. Also it would help in communications
>> > robustness.
>> > It would be also nice to have a log event when the fallback happens.
>> > Do you agree that this is an issue? When could it be implemented?
>> >
>> > 2. Moduli file integrity handling.
>> > Could you create e.g. a SHA-256 hash fingerprint of the moduli file
>> > contents, store it somewhere and add validation of moduli file using the
>> > fingerprint.
>> > This way we can deal with unauthorized tampering of moduli file. It is
>> > potential security issue.
>> >
>> > 3. Moduli file generator
>> > Is there a roadmap to add a moduli generator so that there’s full support
>> > for group exchange generation and usage within Mina?
>> > e.g. Primes could be regenerated also when moduli file is corrupted.
>> >
>> >
>> > Regards,
>> >
>> > Pawel
>>