Solved

encryption robustness

Posted on 2002-07-03
13
325 Views
Last Modified: 2010-04-20
Hi Glenn,

1)what tool/package should i use in order to get my RSA PUBLIC/PRIVATE KEYS? i only know how to generate a pair of public/private keys using GnuPG, but don't know if they are RSA keys...

this question was in the other post but hasn't been answered...

2) "You might try to "up" the number of key bits somewhat in /etc/ssh/sshd.conf (if your "server side" is linux/OpenSSH)."

unfortunately i don't have control over that "server side".

i remember that if i encrypt a file using gpg by 1024bits, it would be theoretically impossible to decrypt it(or way too expensive). so compared with that, how robust is ssh(as a secured terminal)?

3) regarding putty configuration:
"prefered ssh protocol version"---should i choose 1 or 2?

"enable compression"---should i tick it for more security?

"prefered encryption algorithm"---which one can give me higher security? 3DES, blowfish or DES?

and i just can't make the fonts bigger. nor can i change the background/foreground color... argh!

Thanks,
KEN
(btw, can you tell me your email address? all the posts are in plain texts and there's no security at all. so maybe i should ssh and then email you from a shell account)
0
Comment
Question by:ken021600
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 2
13 Comments
 
LVL 20

Accepted Solution

by:
Gns earned 50 total points
ID: 7127270
1) Yes it was. Openssl.

2) Very robust.

At protocol level 1 each host has a 1024 bit RSA key used for identification, and the server generates a "server" key (also RSA) that normally is 768 bits (this key usually gets regenerated every hour, or upon use, and is never stored to disk). Upon connection, the client tries to verify that the server is who it claims (the 1024 key is intact from the last time). The client then generates a 256 bit random number encrypt it with both (RSA) keys and send back to the server. This random number is then used as the session key with the symmetric algorithm, either 3DES or Blowfish (3DES being the default). After this (the "tunnel" is now established) the actual user authentication takes place (.rhost, .rhosts with RSA host auth, RSA challange-response or plain ol' password authentication).

Protocol level 2 is similar, but use only one DSA server (identification) key, and relies on a Diffie-Hellman key exchange (key agreement) to establish the session key. You also have more choice as to the symmetric cipher used for the session (128 bit keys: AES, 3DES, Blowfish, CAST128 or Arcfour. 192 bit: AES. 256 bit: AES). At leve 2 the insecure .rhosts methods have been ditched/replaced by public key user or host authentication, and retaining the password and challage-response methods.

So, to sum it all up, if you don't use some of the more stupid settings, both provide very good protection (on par with GnuPG). Protocol level 2 use more modern algorithm and methods.
Which leads us to...

3) Protocol level 2. No, not for security (you might want it for other reasons though;). Listed worst -> best: DES, 3DES, Blowfish, AES (this is just an opinion;-).

Hm, what version of putty is that? My development snapshot as of 2001-08-04 (yeah! not that new) has AES and some other nice-looking features... oh, just looked at version 0.51 which looks more like what you describe ken.

-- Glenn
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7127309
> prefered ssh protocol version
2 (even the encryption is not stronger, 1 is know for vulnerabilities)

> "enable compression"---should i tick it for more security?
AFAIK, compression is marked in the packet, so it does not increase security
If you tick it, you just decrease the amount of data send, but increase the required computing power on both ends.
0
 

Author Comment

by:ken021600
ID: 7128381
OK i got it.

before closing this post, can i ask another quick question?

is it secure to upload files to a site using ttssh and zmodem? I only find "telnet","ssh" and "other" in ttssh's menu and there's "scp", so i guess the answer is no...

i want a client which provides secure uploading/downloading and supports xyzmodem under windows...any comments?

Thanks,
KEN
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 20

Expert Comment

by:Gns
ID: 7129361
I haven't used ttssh, so I'll have to defer to ahoffmanns expertise on this. Even if it would be OK, why bother? You have scp (ssh enhance rsh:), which is enough.

What you can do is to take any xyzmodem ip-enabled program, and "route" the traffic through your ssh "tunnel". Either do it more or less as suggested in the VPN mini HOWTO (http://www.tldp.org/HOWTO/VPN-HOWTO/index.html), or look at how it's done for vnc (http://www.uk.research.att.com/vnc/sshvnc.html). You might also want to look at MindTerm (a Java SSH client, that only needs a JRE 1.1.x. Unfortunately payware) at http://www.tldp.org/HOWTO/MindTerm-SSH-HOWTO/index.html .

-- Glenn
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7129362
hmm have seen this question (xyzmodem) couple of days before ...

If you have a ssh connection, then using anything inside the tunnel is secure. You also may use scp then (ttsh does not have it, but putty)
About the xyzmodem in ttssh I am unshure.
0
 

Author Comment

by:ken021600
ID: 7133611
sorry it took me a while to reply.

my hats off to both of you. i only hope one day i will be as knowledgeable as you...

i've got a few more questions coming up and i'll post them to "Linux" board. Please give me a hand if you have the time. :)

cheers,
KEN
0
 
LVL 20

Expert Comment

by:Gns
ID: 7138891
No worries ken.

I'm on vacation during the next three weeks, so I'll probably miss those new questions (probably redo most of the house...sigh), but as you've no doubt noticed, there is an abundance of knowledge at EE/Linux*, so you'll probably get first class aid from ahoffmann, Jim Levie et al without me. Heck, you'll probably get better answers ;-).

-- Glenn
0
 

Author Comment

by:ken021600
ID: 7140369
Have a good rest and i'm looking forward to seeing you...

enjoy your vacation, to the hilt!

cheers,
KEN
0
 
LVL 20

Expert Comment

by:Gns
ID: 7153716
I'm trying, though I was stupid enough to bring the lil' ol' laptop with me... The weather is great though, and the beer is cool....:-)

-- Glenn
0
 

Author Comment

by:ken021600
ID: 7153870
"no worries"...? are you from oz?

hooroo,
KEN
0
 
LVL 20

Expert Comment

by:Gns
ID: 7166501
Nope, from Sweden (just the other side of the globe:-).

I don't pass every little comment through the spellchecker though.

-- Glenn
0
 

Author Comment

by:ken021600
ID: 7222283
according to the latest statistics, there are more than 45 million people accessing the net...that's a -lot- of people. actually i was shocked coz i thought 30 million was a very big number...:)

KEN
0
 
LVL 20

Expert Comment

by:Gns
ID: 7222306
If you're "down under" Ken, isn't thsi in the middle of the night?

Go to bed man, you need the sleep:-).

-- Glenn
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
pvcreate issue 5 100
Install XRDP on Ubuntu Server 16.10 x64 3 118
sed/awk/tail: how to read 3'de last line 4 68
comm diff cmp unix commands 2 21
How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question