Solved

encryption robustness

Posted on 2002-07-03
13
302 Views
Last Modified: 2010-04-20
Hi Glenn,

1)what tool/package should i use in order to get my RSA PUBLIC/PRIVATE KEYS? i only know how to generate a pair of public/private keys using GnuPG, but don't know if they are RSA keys...

this question was in the other post but hasn't been answered...

2) "You might try to "up" the number of key bits somewhat in /etc/ssh/sshd.conf (if your "server side" is linux/OpenSSH)."

unfortunately i don't have control over that "server side".

i remember that if i encrypt a file using gpg by 1024bits, it would be theoretically impossible to decrypt it(or way too expensive). so compared with that, how robust is ssh(as a secured terminal)?

3) regarding putty configuration:
"prefered ssh protocol version"---should i choose 1 or 2?

"enable compression"---should i tick it for more security?

"prefered encryption algorithm"---which one can give me higher security? 3DES, blowfish or DES?

and i just can't make the fonts bigger. nor can i change the background/foreground color... argh!

Thanks,
KEN
(btw, can you tell me your email address? all the posts are in plain texts and there's no security at all. so maybe i should ssh and then email you from a shell account)
0
Comment
Question by:ken021600
  • 6
  • 5
  • 2
13 Comments
 
LVL 20

Accepted Solution

by:
Gns earned 50 total points
ID: 7127270
1) Yes it was. Openssl.

2) Very robust.

At protocol level 1 each host has a 1024 bit RSA key used for identification, and the server generates a "server" key (also RSA) that normally is 768 bits (this key usually gets regenerated every hour, or upon use, and is never stored to disk). Upon connection, the client tries to verify that the server is who it claims (the 1024 key is intact from the last time). The client then generates a 256 bit random number encrypt it with both (RSA) keys and send back to the server. This random number is then used as the session key with the symmetric algorithm, either 3DES or Blowfish (3DES being the default). After this (the "tunnel" is now established) the actual user authentication takes place (.rhost, .rhosts with RSA host auth, RSA challange-response or plain ol' password authentication).

Protocol level 2 is similar, but use only one DSA server (identification) key, and relies on a Diffie-Hellman key exchange (key agreement) to establish the session key. You also have more choice as to the symmetric cipher used for the session (128 bit keys: AES, 3DES, Blowfish, CAST128 or Arcfour. 192 bit: AES. 256 bit: AES). At leve 2 the insecure .rhosts methods have been ditched/replaced by public key user or host authentication, and retaining the password and challage-response methods.

So, to sum it all up, if you don't use some of the more stupid settings, both provide very good protection (on par with GnuPG). Protocol level 2 use more modern algorithm and methods.
Which leads us to...

3) Protocol level 2. No, not for security (you might want it for other reasons though;). Listed worst -> best: DES, 3DES, Blowfish, AES (this is just an opinion;-).

Hm, what version of putty is that? My development snapshot as of 2001-08-04 (yeah! not that new) has AES and some other nice-looking features... oh, just looked at version 0.51 which looks more like what you describe ken.

-- Glenn
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7127309
> prefered ssh protocol version
2 (even the encryption is not stronger, 1 is know for vulnerabilities)

> "enable compression"---should i tick it for more security?
AFAIK, compression is marked in the packet, so it does not increase security
If you tick it, you just decrease the amount of data send, but increase the required computing power on both ends.
0
 

Author Comment

by:ken021600
ID: 7128381
OK i got it.

before closing this post, can i ask another quick question?

is it secure to upload files to a site using ttssh and zmodem? I only find "telnet","ssh" and "other" in ttssh's menu and there's "scp", so i guess the answer is no...

i want a client which provides secure uploading/downloading and supports xyzmodem under windows...any comments?

Thanks,
KEN
0
 
LVL 20

Expert Comment

by:Gns
ID: 7129361
I haven't used ttssh, so I'll have to defer to ahoffmanns expertise on this. Even if it would be OK, why bother? You have scp (ssh enhance rsh:), which is enough.

What you can do is to take any xyzmodem ip-enabled program, and "route" the traffic through your ssh "tunnel". Either do it more or less as suggested in the VPN mini HOWTO (http://www.tldp.org/HOWTO/VPN-HOWTO/index.html), or look at how it's done for vnc (http://www.uk.research.att.com/vnc/sshvnc.html). You might also want to look at MindTerm (a Java SSH client, that only needs a JRE 1.1.x. Unfortunately payware) at http://www.tldp.org/HOWTO/MindTerm-SSH-HOWTO/index.html .

-- Glenn
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7129362
hmm have seen this question (xyzmodem) couple of days before ...

If you have a ssh connection, then using anything inside the tunnel is secure. You also may use scp then (ttsh does not have it, but putty)
About the xyzmodem in ttssh I am unshure.
0
 

Author Comment

by:ken021600
ID: 7133611
sorry it took me a while to reply.

my hats off to both of you. i only hope one day i will be as knowledgeable as you...

i've got a few more questions coming up and i'll post them to "Linux" board. Please give me a hand if you have the time. :)

cheers,
KEN
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 20

Expert Comment

by:Gns
ID: 7138891
No worries ken.

I'm on vacation during the next three weeks, so I'll probably miss those new questions (probably redo most of the house...sigh), but as you've no doubt noticed, there is an abundance of knowledge at EE/Linux*, so you'll probably get first class aid from ahoffmann, Jim Levie et al without me. Heck, you'll probably get better answers ;-).

-- Glenn
0
 

Author Comment

by:ken021600
ID: 7140369
Have a good rest and i'm looking forward to seeing you...

enjoy your vacation, to the hilt!

cheers,
KEN
0
 
LVL 20

Expert Comment

by:Gns
ID: 7153716
I'm trying, though I was stupid enough to bring the lil' ol' laptop with me... The weather is great though, and the beer is cool....:-)

-- Glenn
0
 

Author Comment

by:ken021600
ID: 7153870
"no worries"...? are you from oz?

hooroo,
KEN
0
 
LVL 20

Expert Comment

by:Gns
ID: 7166501
Nope, from Sweden (just the other side of the globe:-).

I don't pass every little comment through the spellchecker though.

-- Glenn
0
 

Author Comment

by:ken021600
ID: 7222283
according to the latest statistics, there are more than 45 million people accessing the net...that's a -lot- of people. actually i was shocked coz i thought 30 million was a very big number...:)

KEN
0
 
LVL 20

Expert Comment

by:Gns
ID: 7222306
If you're "down under" Ken, isn't thsi in the middle of the night?

Go to bed man, you need the sleep:-).

-- Glenn
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now