From: Guillaume Nodet
Date: Thu, 16 Oct 2014 23:35:14 +0200
Subject: Re: fallback to weaker DH algorithms, moduli file integrity and generating
To: dev@mina.apache.org

I'm quite reluctant to add code which is completely unused.
I think it should be possible to modify the DHGEX class to leverage that code if a boolean property is set on the ServerFactoryManager. Something like MODULI_CHECK_FINGERPRINT and also a MODULI_FINGERPRINT_SALT and MODULI_FINGERPRINT_URL maybe. If the first one is true, then use the code you pasted below to actually verify the fingerprints, else simply ignore it.

If you're willing to work on that, please create a JIRA issue.

2014-10-15 16:53 GMT+02:00 Pawel Sm7:

> Hello,
>
> My plan would be not to change Mina SSHD existing classes, but give
> people using Mina SSHD a new class to use fingerprints if needed.
>
> It could be used e.g.:
>
> In org.apache.sshd.server.kex.DHGEX:
>
> private DH chooseDH(int min, int prf, int max) throws Exception {
>     ModuliFingerprint mf = new ModuliFingerprint();
>     mf.setSalt(.....);
>
>     try {
>         mf.checkModuliFingerprint(MODULI_FILE, MODULI_FINGERPRINT);
>     } catch (Exception e) {
>         throw e;
>     }
>     ......
>
> Here if moduli was tampered, fingerprints do not match and exception
> is generated. SSHD is not started.
>
> Earlier you need to generate fingerprint for the existing moduli file
> using createModuliFingerprint() method.
>
> I didn't want to update Mina SSHD existing classes because everyone
> who wants to use fingerprints needs to generate its own secret salt
> using setSalt() method as in the example above. It has to be secret,
> so I did not want to force existing SSHD classes to use fingerprints.
>
> Please let me know your opinion.
>
> Regards,
>
> Pawel
>
> 2014-10-13 17:52 GMT+02:00 Guillaume Nodet:
> > How do you plan to change sshd to use this class ?
> >
> > 2014-10-13 17:07 GMT+02:00 Pawel Sm7:
> >
> >> Hello,
> >>
> >> Please find attached proposal of moduli fingerprint functionality.
> >>
> >> Please let me know if you have any comments and if you plan to add this
> >> functionality to Apache Mina SSHD.
> >>
> >> Regards,
> >>
> >> Pawel
> >>
> >> 2014-04-30 16:36 GMT+02:00 Pawel Sm7:
> >> > Hello,
> >> >
> >> > I have 3 issues I would like to discuss.
> >> >
> >> > 1. Handling error scenarios if Prime cannot be found.
> >> > Mina does not support fallback to weaker Diffie-Hellman algorithm if
> >> > Prime cannot be found.
> >> >
> >> > The failure approach of fall-thru to weaker Diffie-Hellman algorithm,
> >> > e.g. Group14 (embedded within the Code) if Prime cannot be found, either
> >> > due to MODULI File Access Errors or Prime Not Found in the File, is the
> >> > typical approach of most SSH Server Implementations.
> >> > OpenSSH follows this paradigm. Also it would help in communications
> >> > robustness.
> >> > It would be also nice to have a log event when the fallback happens.
> >> > Do you agree that this is an issue? When could it be implemented?
> >> >
> >> > 2. Moduli file integrity handling.
> >> > Could you create e.g. a SHA-256 hash fingerprint of the moduli file
> >> > contents, store it somewhere and add validation of moduli file using
> >> > the fingerprint.
> >> > This way we can deal with unauthorized tampering of moduli file. It is
> >> > a potential security issue.
> >> >
> >> > 3. Moduli file generator
> >> > Is there a roadmap to add a moduli generator so that there’s full
> >> > support for group exchange generation and usage within Mina?
> >> > e.g. Primes could be regenerated also when moduli file is corrupted.
> >> >
> >> > Regards,
> >> >
> >> > Pawel
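The moduli integrity check discussed in this thread, as an added example that is not the `ModuliFingerprint` class attached to the thread and not Mina SSHD code. It assumes the secret salt is used as an HMAC-SHA256 key (a swapped-in construction; the thread describes a salted SHA-256 fingerprint), and the class name, method names and sample moduli lines are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper; names are assumptions, not the project's API.
public class ModuliFingerprintDemo {

    // Keyed fingerprint of the moduli file: HMAC-SHA256 with the secret salt as key.
    static byte[] fingerprint(Path moduli, byte[] salt) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(salt, "HmacSHA256"));
        return mac.doFinal(Files.readAllBytes(moduli));
    }

    // Throws if the file no longer matches the stored fingerprint, so the caller
    // can refuse to start instead of choosing a prime from a modified file.
    static void check(Path moduli, byte[] salt, byte[] expected) throws Exception {
        // MessageDigest.isEqual is a timing-safe comparison.
        if (!MessageDigest.isEqual(expected, fingerprint(moduli, salt))) {
            throw new SecurityException("moduli fingerprint mismatch: " + moduli);
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
        Path moduli = Files.createTempFile("moduli", ".txt");
        // Constructed sample line in the moduli(5) column layout; not a real prime.
        Files.writeString(moduli, "20140101000000 2 6 100 2047 2 F00DCAFE\n");

        byte[] stored = fingerprint(moduli, salt); // done once, at provisioning time
        check(moduli, salt, stored);               // untouched file passes
        System.out.println("untouched file: fingerprint ok");

        // Simulate tampering: one hex digit of the modulus changes.
        Files.writeString(moduli, "20140101000000 2 6 100 2047 2 F00DCAFF\n");
        try {
            check(moduli, salt, stored);
            System.out.println("tampered file: NOT detected");
        } catch (SecurityException e) {
            System.out.println("tampered file rejected: " + e.getMessage());
        } finally {
            Files.delete(moduli);
        }
    }
}
```

The stored fingerprint and the salt need to live somewhere an attacker who can write the moduli file cannot also write, otherwise both can be replaced together.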