determin-ed

command module

v0.0.0-...-6b1d050 Latest Latest Go to latest Published: Jan 12, 2017 License: BSD-2-Clause Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/joonakannisto/determin-ed

Links

Open Source Insights

README ¶

determin-ed

Create deterministic ed25519 keys from seedfile and password for openssh-key-v1 format

Guessing attacks against stored ssh keys

SSH keys stored on mobile devices and laptop computers are typically password protected, so that if the device is stolen or compromised the attacker has to guess the password in order to use the key. Only raw computing power limits the rate of the attacker's guesses when the key is not stored in a TPM (the TPM should withstand attacks as well). Fortunately there are new password strengthening mechanisms, which try to minimize the computing gap between the most powerful attacker and the weakest user device. Nevertheless, the attacker advantage can be estimated to exceed 30 bits[1] of password entropy, which requires lengthy passwords or inhuman wait times.

What if the CIA filled the tanks with special jet fuel?

What if the attacker would not be able to confirm the key guesses without trying them on the target server?

Valid private key decryption should not have structure, i.e. no offline guess attackability
- For example, RSA fails this as valid p and q have structure: namely they are prime numbers, and getting two prime numbers randomly (1/log(N) each) would be roughly one in a million chance for 1k RSA.
The public key should not be in the device. This unfortunately breaks ssh-agent normal behavior.
SSHD public key query should be resistant to timing attacks

This proof of concept tool is intended to solve the first two problems. The third one is SSHD devs problem.

Usage

Install the package (go install github.com/joonakannisto/determin-ed)

Create a key seed file. Any tool that can output truly madly random garbage like ssh-keygen is fine for this.

ssh-keygen -t ed25519 -f keyseed

Not the most elegant, but doesn't matter, got entropy.

Use determin-ed to create a deterministic SSH key from the seed file

determin-ed -out=id_temp keyseed
cat id_temp.pub

Put the resulting public key (id_new.pub) to your target server. Delete both id_new* files. Automate a command to create your keys when connecting to target

SSH does not have interactive shell command hooks so the example below does not work. If someone could patch this somehow, so that the command could find parent tty and use it, it would be nice.
ProxyCommand determin-ed -out=~/.ssh/id_new ~/.ssh/id_rsa.pub ; exec socket %h %p && rm ~/.ssh/id_new*

Can this be used to create password based keys?

Yes. Should you? Definitely not. The public key might not be treated as confidential. OpenSSH supports password authentication. Too bad that J-PAKE is not supported anymore.

[1] Give attacker more time and parallel GPUs worth of 1M$, shittiest hardware for the user and 0.05 s wait time https://litecoin.info/Mining_hardware_comparison

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL