nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00
Code Issues Projects Releases Wiki Activity

Update docs and FAQ for current DSA policy.

Browse Source 
I think the deterministic DSA system we've been using for ages can now
be considered proven in use, not to mention the fact that RFC 6979 and
the Ed25519 spec both give variants on the same idea. So I've removed
the 'don't use DSA if you can avoid it' warning.
This commit is contained in:
Simon Tatham 2016-03-27 20:10:56 +01:00
parent 31d48da317
commit c5021a121b
2 changed files with 7 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
doc/faq.but
View File

@ -1110,8 +1110,13 @@ The PuTTY policy changed because the developers were informed of
ways to implement DSA which do not suffer nearly as badly from this
weakness, and indeed which don't need to rely on random numbers at
all. For this reason we now believe PuTTY's DSA implementation is
probably OK. However, if you have the choice, we still recommend you
use RSA instead.
probably OK.
The recently added elliptic-curve signature methods are also DSA-style
algorithms, so they have this same weakness in principle. Our ECDSA
implementation uses the same defence as DSA, while our Ed25519
implementation uses the similar system (but different in details) that
the Ed25519 spec mandates.
\S{faq-virtuallock}{Question} Couldn't Pageant use
\cw{VirtualLock()} to stop private keys being written to disk?

16
doc/pubkey.but
View File

@ -131,22 +131,6 @@ key will be completely useless.
The SSH-2 protocol supports more than one key type. The types
supported by PuTTY are RSA, DSA, ECDSA, and Ed25519.
The PuTTY developers \e{strongly} recommend you use RSA.
\#{FIXME: ECDSA, Ed25519!}
\I{security risk}\i{DSA} has an intrinsic weakness which makes it very
easy to create a signature which contains enough information to give
away the \e{private} key!
This would allow an attacker to pretend to be you for any number of
future sessions. PuTTY's implementation has taken very careful
precautions to avoid this weakness, but we cannot be 100% certain we
have managed it, and if you have the choice we strongly recommend
using RSA keys instead.
If you really need to connect to an SSH server which only supports
DSA, then you probably have no choice but to use DSA. If you do use
DSA, we recommend you do not use the same key to authenticate with
more than one server.
\S{puttygen-strength} Selecting the size (strength) of the key
\cfg{winhelp-topic}{puttygen.bits}