mina-dev mailing list archives

From "Thomas Wolf (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (SSHD-708) Add support for password encrypted OpenSSH private key files
Date Wed, 12 Dec 2018 11:27:00 GMT

    [ https://issues.apache.org/jira/browse/SSHD-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16718819#comment-16718819 ]

Thomas Wolf edited comment on SSHD-708 at 12/12/18 11:26 AM:
-------------------------------------------------------------

{quote}
What I am trying to do is prevent some kind of "attack" by providing a malicious (or corrupted)
value that would cause the code to "hang" by executing a very large number of rounds
{quote}

OpenSSH doesn't limit this; any value in the range [1 .. INT_MAX] is allowed. IMO we shouldn't
worry about unreasonably large values here; this is reading a _private_ key of a user. If
the user created that key with 2**30 rounds, so be it. The code should just guard against
rounds < 1.

Re attribution: of course it's a community effort. But with so many changes and the code I
provided spread even over two commits, one authored by you and a second small one with my
name on it, it isn't really worth the trouble. It's no big deal; just that I would have done
this differently. (Merge the PR, maybe with just a little amend to remove the {{MessageFormat}},
then rebase my own work on top of that merge and continue from there on.) But as I said, no
big deal.


> Add support for password encrypted OpenSSH private key files
> ------------------------------------------------------------
>
>                 Key: SSHD-708
>                 URL: https://issues.apache.org/jira/browse/SSHD-708
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 1.4.0
>            Reporter: Goldstein Lyor
>            Assignee: Goldstein Lyor
>            Priority: Minor
>             Fix For: 2.1.1
>
>
> The current code supports only reading un-encrypted private key files



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
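
An added example, not code from this message or from MINA SSHD: a reader for the KDF fields at the start of a decoded `openssh-key-v1` blob that applies only the guard discussed above, accepting any rounds value in [1 .. INT_MAX] with no extra upper cap. The field layout follows OpenSSH's PROTOCOL.key description; the function names and the sample blob are constructed for illustration.

```python
import struct

AUTH_MAGIC = b"openssh-key-v1\x00"
INT_MAX = 0x7FFFFFFF  # upper end of the range stated in the comment


def read_string(buf, off):
    """Read an SSH 'string': uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("string runs past end of data")
    return buf[off:off + n], off + n


def read_kdf_options(blob):
    """Return (ciphername, kdfname, salt, rounds) from a decoded key blob."""
    if not blob.startswith(AUTH_MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    off = len(AUTH_MAGIC)
    cipher, off = read_string(blob, off)
    kdf, off = read_string(blob, off)
    opts, off = read_string(blob, off)
    if kdf == b"none":  # unencrypted key: no salt, no rounds
        return cipher.decode(), "none", b"", 0
    if kdf != b"bcrypt":
        raise ValueError("unsupported KDF: %r" % kdf)
    salt, pos = read_string(opts, 0)
    if pos + 4 != len(opts):
        raise ValueError("malformed bcrypt kdfoptions")
    (rounds,) = struct.unpack_from(">I", opts, pos)
    # The field is an unsigned 32-bit value. A parser that reads it into a
    # signed 32-bit int sees anything above INT_MAX as negative, so the
    # "rounds < 1" guard there rejects the same inputs as this check.
    if rounds < 1 or rounds > INT_MAX:
        raise ValueError("invalid bcrypt rounds: %d" % rounds)
    return cipher.decode(), "bcrypt", salt, rounds


def sample_blob(rounds):
    """Constructed header for demonstration; not taken from a real key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    opts = s(b"\x11" * 16) + struct.pack(">I", rounds)
    return AUTH_MAGIC + s(b"aes256-ctr") + s(b"bcrypt") + s(opts)
```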
