[Ach] SSH improvements
Pepi Zawodsky
pepi.zawodsky at maclemon.at
Sun Nov 17 19:21:51 CET 2013
We should also recommend to recreate SSH keys after they have been initially created by a system itself. Especially if that system ist a cloned VM or an embedded system with (severe) lack of entropy.
This of course brings up the question on how to do this in a really secure manner other than being directly connected to the device where it can't be MITMed easily.
Would be interesting to have a list of the most used fingerprints encountered in the wild so one can easily check one's system against them. (Especially embedded systems like Busybox based devices and SBCs.)
See: http://eprint.iacr.org/2013/734.pdf
Best regards
Pepi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131117/da829e1d/attachment.sig>
More information about the Ach
mailing list