• RFC 8332

    From Simon Tatham@21:1/5 to Jean F. Martinelle on Mon Feb 24 21:01:48 2020
    Jean F. Martinelle <JFMart@overthere.com> wrote:
    I believe that, in essence, what the authors meant is that "ssh-
    rsa" will be the same as before - i.e. RSA with SHA-1 - and that the RSA
    key used for "ssh-rsa" can be used, without any changes to the key itself, with "rsa-sha2-256" and "rsa-sha2-512".

    Is this the correct interpretation?

    Yes, I agree with all that. If the client and server agree on one of
    the new host key algorithm names, say "rsa-sha2-256", then the string "rsa-sha2-256" will appear in the wire encoding of the _signature_,
    but the wire encoding of the _key_ will still begin with the string
    "ssh-rsa", because it will be the same key that would be used for
    original SHA-1-based signatures.
    --
    import hashlib; print((lambda p,q,g,y,r,s,m: (lambda w:(pow(g,int(hashlib.sha1( m.encode('ascii')).hexdigest(),16)*w%q,p)*pow(y,r*w%q,p)%p)%q)(pow(s,q-2,q))==r and m)(0xb80b5dacabab6145,0xf70027d345023,0x7643bc4018957897,0x11c2e5d9951130c9 ,0xa54d9cbe4e8ab,0x746c50eaa1910, "Simon Tatham <anakin@pobox.com>" ))

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
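The distinction Simon draws above (the name inside the signature changes, the key blob does not) can be shown concretely. The following is an added example, not code from the thread or from the RFC authors: it builds the RFC 4253 "ssh-rsa" public key blob, the RFC 8332 signature blob for each of the three algorithm names, and verifies them with a textbook RSA key generated here for illustration (a constructed 1024-bit toy key with a simple Miller-Rabin generator; not a production key). The SSH `string`/`mpint` encodings follow RFC 4251, the padding follows EMSA-PKCS1-v1_5 with the DigestInfo prefixes from RFC 8017, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import random
import struct

# Signature algorithm name -> (hash, DigestInfo prefix from RFC 8017 section 9.2).
# "ssh-rsa" is the original SHA-1 scheme; the two rsa-sha2-* names come from RFC 8332.
SIG_ALGS = {
    b"ssh-rsa":      (hashlib.sha1,   bytes.fromhex("3021300906052b0e03021a05000414")),
    b"rsa-sha2-256": (hashlib.sha256, bytes.fromhex("3031300d060960864801650304020105000420")),
    b"rsa-sha2-512": (hashlib.sha512, bytes.fromhex("3051300d060960864801650304020305000440")),
}

# --- toy key generation (constructed for this example; not a secure key) ---
def _is_probable_prime(n, rounds=8):
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(c):
            return c

def generate_toy_rsa_key(bits=1024):
    """Return (e, d, n). 1024 bits is enough room for the SHA-512 DigestInfo."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return e, pow(e, -1, phi), p * q

# --- SSH wire encoding (RFC 4251 string and mpint) ---
def ssh_string(b):
    return struct.pack(">I", len(b)) + b

def ssh_mpint(x):
    b = x.to_bytes((x.bit_length() + 7) // 8, "big")
    if b and b[0] & 0x80:
        b = b"\x00" + b          # keep the two's-complement value positive
    return ssh_string(b)

def read_string(buf, off):
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n

def encode_rsa_public_key(e, n):
    # The key blob always starts with "ssh-rsa", whatever hash later signs with it.
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def fingerprint(key_blob):
    return "SHA256:" + base64.b64encode(hashlib.sha256(key_blob).digest()).decode().rstrip("=")

# --- signing and verification; the hash is chosen by the name in the signature blob ---
def emsa_pkcs1_v15(alg, data, k):
    h, prefix = SIG_ALGS[alg]
    t = prefix + h(data).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(alg, data, d, n):
    k = (n.bit_length() + 7) // 8
    s = pow(int.from_bytes(emsa_pkcs1_v15(alg, data, k), "big"), d, n)
    return ssh_string(alg) + ssh_string(s.to_bytes(k, "big"))

def verify(sig_blob, data, e, n):
    alg, off = read_string(sig_blob, 0)
    s_bytes, off = read_string(sig_blob, off)
    k = (n.bit_length() + 7) // 8
    if alg not in SIG_ALGS or off != len(sig_blob) or len(s_bytes) != k:
        return False
    s = int.from_bytes(s_bytes, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, emsa_pkcs1_v15(alg, data, k))

def demo():
    e, d, n = generate_toy_rsa_key()
    key_blob = encode_rsa_public_key(e, n)
    data = b"constructed exchange-hash bytes to be signed"   # constructed sample input
    sigs = {alg: sign(alg, data, d, n) for alg in SIG_ALGS}
    _, off = read_string(sigs[b"rsa-sha2-256"], 0)
    raw_256, _ = read_string(sigs[b"rsa-sha2-256"], off)
    return {
        "key_blob_prefix": read_string(key_blob, 0)[0],
        "fingerprint": fingerprint(key_blob),
        "sig_prefixes": {alg: read_string(sig, 0)[0] for alg, sig in sigs.items()},
        "verified": {alg: verify(sig, data, e, n) for alg, sig in sigs.items()},
        "tampered": verify(sigs[b"rsa-sha2-256"], data + b"x", e, n),
        # same signature bytes relabelled as rsa-sha2-512: the name now selects the wrong hash
        "relabelled": verify(ssh_string(b"rsa-sha2-512") + ssh_string(raw_256), data, e, n),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running `demo()` shows one key blob and one fingerprint serving all three signature names, while each signature blob carries its own name and only verifies under the hash that name selects; relabelling a signature blob with a different name fails, which is why a verifier must take the hash from the signature's name field and never from the key's "ssh-rsa" prefix.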
  • From Jean F. Martinelle@21:1/5 to All on Mon Feb 24 20:30:33 2020
    I sent this to the wrong forum by mistake.

    I am looking into RFC 8832, where the RSA-based host algorithms
    that use SHA-2 are defined. I find the following paragraph in that
    document confusing:

    "All aspects of the "ssh-rsa" format are kept, including the
    encoded string "ssh-rsa". This allows existing RSA keys to be used with
    the new public key algorithms, without requiring re-encoding or affecting already trusted key fingerprints."

    There are new identifiers for the RSA-based algorithms that use
    SHA-2: "rsa-sha2-256" and "rsa-sha2-512". From this I gather that when a
    client specifies preference for (say) "rsa-sha2-256", the server will
    offer an RSA host key with a SHA-256 algorithm for digests. If the client prefers "ssh-rsa", I would have thought that the server would use an RSA
    key and the SHA-1 algorithm.

    My first assumption seems to be borne out by the second sentence
    in the paragraph above. What is throwing me a bit off balance is the
    "including the encoded string "ssh-rsa"" part of the first sentence.

    I believe that, in essence, what the authors meant is that "ssh-
    rsa" will be the same as before - i.e. RSA with SHA-1 - and that the RSA
    key used for "ssh-rsa" can be used, without any changes to the key itself,
    with "rsa-sha2-256" and "rsa-sha2-512".

    Is this the correct interpretation?
