Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 345
  • Last Modified:

encryption robustness

Hi Glenn,

1)what tool/package should i use in order to get my RSA PUBLIC/PRIVATE KEYS? i only know how to generate a pair of public/private keys using GnuPG, but don't know if they are RSA keys...

this question was in the other post but hasn't been answered...

2) "You might try to "up" the number of key bits somewhat in /etc/ssh/sshd.conf (if your "server side" is linux/OpenSSH)."

unfortunately i don't have control over that "server side".

i remember that if i encrypt a file using gpg by 1024bits, it would be theoretically impossible to decrypt it(or way too expensive). so compared with that, how robust is ssh(as a secured terminal)?

3) regarding putty configuration:
"prefered ssh protocol version"---should i choose 1 or 2?

"enable compression"---should i tick it for more security?

"prefered encryption algorithm"---which one can give me higher security? 3DES, blowfish or DES?

and i just can't make the fonts bigger. nor can i change the background/foreground color... argh!

Thanks,
KEN
(btw, can you tell me your email address? all the posts are in plain texts and there's no security at all. so maybe i should ssh and then email you from a shell account)
0
ken021600
Asked:
ken021600
  • 6
  • 5
  • 2
1 Solution
 
GnsCommented:
1) Yes it was. Openssl.

2) Very robust.

At protocol level 1 each host has a 1024 bit RSA key used for identification, and the server generates a "server" key (also RSA) that normally is 768 bits (this key usually gets regenerated every hour, or upon use, and is never stored to disk). Upon connection, the client tries to verify that the server is who it claims (the 1024 key is intact from the last time). The client then generates a 256 bit random number encrypt it with both (RSA) keys and send back to the server. This random number is then used as the session key with the symmetric algorithm, either 3DES or Blowfish (3DES being the default). After this (the "tunnel" is now established) the actual user authentication takes place (.rhost, .rhosts with RSA host auth, RSA challange-response or plain ol' password authentication).

Protocol level 2 is similar, but use only one DSA server (identification) key, and relies on a Diffie-Hellman key exchange (key agreement) to establish the session key. You also have more choice as to the symmetric cipher used for the session (128 bit keys: AES, 3DES, Blowfish, CAST128 or Arcfour. 192 bit: AES. 256 bit: AES). At leve 2 the insecure .rhosts methods have been ditched/replaced by public key user or host authentication, and retaining the password and challage-response methods.

So, to sum it all up, if you don't use some of the more stupid settings, both provide very good protection (on par with GnuPG). Protocol level 2 use more modern algorithm and methods.
Which leads us to...

3) Protocol level 2. No, not for security (you might want it for other reasons though;). Listed worst -> best: DES, 3DES, Blowfish, AES (this is just an opinion;-).

Hm, what version of putty is that? My development snapshot as of 2001-08-04 (yeah! not that new) has AES and some other nice-looking features... oh, just looked at version 0.51 which looks more like what you describe ken.

-- Glenn
0
 
ahoffmannCommented:
> prefered ssh protocol version
2 (even the encryption is not stronger, 1 is know for vulnerabilities)

> "enable compression"---should i tick it for more security?
AFAIK, compression is marked in the packet, so it does not increase security
If you tick it, you just decrease the amount of data send, but increase the required computing power on both ends.
0
 
ken021600Author Commented:
OK i got it.

before closing this post, can i ask another quick question?

is it secure to upload files to a site using ttssh and zmodem? I only find "telnet","ssh" and "other" in ttssh's menu and there's "scp", so i guess the answer is no...

i want a client which provides secure uploading/downloading and supports xyzmodem under windows...any comments?

Thanks,
KEN
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
GnsCommented:
I haven't used ttssh, so I'll have to defer to ahoffmanns expertise on this. Even if it would be OK, why bother? You have scp (ssh enhance rsh:), which is enough.

What you can do is to take any xyzmodem ip-enabled program, and "route" the traffic through your ssh "tunnel". Either do it more or less as suggested in the VPN mini HOWTO (http://www.tldp.org/HOWTO/VPN-HOWTO/index.html), or look at how it's done for vnc (http://www.uk.research.att.com/vnc/sshvnc.html). You might also want to look at MindTerm (a Java SSH client, that only needs a JRE 1.1.x. Unfortunately payware) at http://www.tldp.org/HOWTO/MindTerm-SSH-HOWTO/index.html .

-- Glenn
0
 
ahoffmannCommented:
hmm have seen this question (xyzmodem) couple of days before ...

If you have a ssh connection, then using anything inside the tunnel is secure. You also may use scp then (ttsh does not have it, but putty)
About the xyzmodem in ttssh I am unshure.
0
 
ken021600Author Commented:
sorry it took me a while to reply.

my hats off to both of you. i only hope one day i will be as knowledgeable as you...

i've got a few more questions coming up and i'll post them to "Linux" board. Please give me a hand if you have the time. :)

cheers,
KEN
0
 
GnsCommented:
No worries ken.

I'm on vacation during the next three weeks, so I'll probably miss those new questions (probably redo most of the house...sigh), but as you've no doubt noticed, there is an abundance of knowledge at EE/Linux*, so you'll probably get first class aid from ahoffmann, Jim Levie et al without me. Heck, you'll probably get better answers ;-).

-- Glenn
0
 
ken021600Author Commented:
Have a good rest and i'm looking forward to seeing you...

enjoy your vacation, to the hilt!

cheers,
KEN
0
 
GnsCommented:
I'm trying, though I was stupid enough to bring the lil' ol' laptop with me... The weather is great though, and the beer is cool....:-)

-- Glenn
0
 
ken021600Author Commented:
"no worries"...? are you from oz?

hooroo,
KEN
0
 
GnsCommented:
Nope, from Sweden (just the other side of the globe:-).

I don't pass every little comment through the spellchecker though.

-- Glenn
0
 
ken021600Author Commented:
according to the latest statistics, there are more than 45 million people accessing the net...that's a -lot- of people. actually i was shocked coz i thought 30 million was a very big number...:)

KEN
0
 
GnsCommented:
If you're "down under" Ken, isn't thsi in the middle of the night?

Go to bed man, you need the sleep:-).

-- Glenn
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

  • 6
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now