Recently in Security Category

SSH Tip: Hash Known Hosts


As any user of SSH knows, the first time you connect to a remote host, OpenSSH caches the server's public key in ~/.ssh/known_hosts. If the server's private key ever changes, SSH raises a loud error alerting you to the risk that an untrusted third party could be intercepting your new connection.

Unfortunately, the known_hosts file itself represents a small security risk: it is a convenient list of every server you connect to. An attacker who obtained your password or unencrypted private key would simply need to work down the list until your credentials were accepted.

OpenSSH can optionally hash the server names in known_hosts. This renders the file useless to prying eyes without impairing SSH's ability to check hosts against the list, because the client hashes the name of the host it is connecting to and looks for the matching hashed entry. Enabling this feature and hashing your existing known_hosts file is easy!

  1. Add the parameter "HashKnownHosts yes" to your ~/.ssh/config.
  2. Run "ssh-keygen -H".

Below the fold, I included a handy shell script that accomplishes the same thing.

One final consideration is your shell history, which stores your ssh commands. It's easy to configure bash to forget them: set HISTIGNORE="ssh *:scp *:sftp *" in your ~/.bashrc.
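As an added example (not the script the post refers to), here is a POSIX shell version of the two steps above that also reports how many cleartext host names remain in a known_hosts file. The function names and file paths are my own, and the demo at the bottom works on constructed files in a temporary directory so it never touches ~/.ssh:

```shell
#!/bin/sh
# Added example, not the script the post refers to. Prepends HashKnownHosts
# to an OpenSSH client config, counts cleartext entries left in known_hosts,
# and hashes them with ssh-keygen -H. Paths are parameters so the functions
# run on constructed files rather than the real ~/.ssh.

# Put "HashKnownHosts yes" at the TOP of the config unless already present.
# ssh_config applies a directive that follows a "Host" line only to that
# block and uses the first value it finds, so prepending makes it global.
ensure_hash_known_hosts() {
    cfg="$1"
    [ -f "$cfg" ] || : > "$cfg"
    if grep -qiE '^[[:space:]]*HashKnownHosts[[:space:]]+yes' "$cfg"; then
        return 0
    fi
    tmp="$cfg.tmp.$$"
    { printf 'HashKnownHosts yes\n'; cat "$cfg"; } > "$tmp" && mv "$tmp" "$cfg"
}

# Count known_hosts lines that still carry a cleartext host name.
# Hashed entries begin with "|1|"; blank lines and comments are skipped.
count_cleartext_hosts() {
    grep -vE '^[[:space:]]*(#|$)' "$1" | grep -cv '^|1|' || true
}

# Hash the file in place. ssh-keygen -H keeps a <file>.old backup, which is
# removed here because it would preserve the very list we want to hide.
hash_known_hosts() {
    ssh-keygen -H -f "$1" >/dev/null && rm -f "$1.old"
}

# Demo on constructed files in a temporary directory (never touches ~/.ssh).
demo_dir=$(mktemp -d)
printf 'Host example\n    User alice\n' > "$demo_dir/config"
ensure_hash_known_hosts "$demo_dir/config"
kh="$demo_dir/known_hosts"
if command -v ssh-keygen >/dev/null &&
   ssh-keygen -q -t ed25519 -N '' -f "$demo_dir/k" -C constructed; then
    printf '# constructed sample\nhost1.example.com %s\n' "$(cat "$demo_dir/k.pub")" > "$kh"
    echo "cleartext entries before: $(count_cleartext_hosts "$kh")"
    hash_known_hosts "$kh" && echo "cleartext entries after: $(count_cleartext_hosts "$kh")"
fi
```

To apply it to your own account, call the functions on ~/.ssh/config and ~/.ssh/known_hosts instead of the demo paths.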

Forged CA Certificate


This news is a couple of weeks old, but I wanted to mention it anyway. Several years ago I mentioned a flaw in MD5. Seeking a proof of concept, a team of researchers successfully forged a CA certificate that could sign any certificate they desired; the resulting certificate would be implicitly trusted by all major web browsers. The team presented their results at the 25th Chaos Communication Congress last month in Berlin.

I wanted to briefly describe their ingenious technique but gave up after realizing how many prerequisite concepts I'd need to introduce. Read their excellent paper if you're interested in the details. The team used a farm of PlayStation 3 consoles to compute a CA certificate that collided with a carefully crafted certificate issued by RapidSSL.

There's no immediate risk to users. This development is primarily a wakeup call to certificate authorities to stop relying on MD5 immediately. MD5 is broken.

Some exciting and disturbing news surfaced this week. Computer scientists from France and China have uncovered flaws in the MD5 and SHA-0 hashing algorithms. Though still preliminary, these findings suggest that an attacker could produce a hash collision in a short time frame on a household PC. The security implications are quite serious. Apache, for example, publishes MD5 checksums for its releases on mirror sites. An attacker could, in theory, incorporate malicious code in such a way that the compromised Apache distribution would yield the same MD5 checksum.

The discovery of a similar flaw in SHA-1, which is widely used in PGP and SSL, may have been announced last Tuesday at Crypto 2004 in Santa Barbara. I could not find any related articles, however.

This blog is licensed under a Creative Commons License.
