system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-22 18:56:38 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
freebsd-src/sbin/dumpon
History
Conrad Meyer f27d255c59 dumpon(8): Provide seatbelt against weak RSA keys 
The premise of dumpon -k foo.pem is that dump contents will be confidential
except to anyone holding the corresponding RSA private key.

This guarantee breaks down when weak RSA keys are used.  Small RSA keys
(e.g. 512 bits) can be broken on a single personal computer in tractible
time.  Marginal RSA keys (768 bits) can be broken by EC2 and a few dollars.
Even 1024 bit keys can probably be broken by sophisticated and wealthy
attackers.

NIST SP800-57 (2016) recommends a minimum of 2048 bit RSA keys, and
estimates this provides 112 bits of security.

It would also be good to protect users from weak values of 'e' (i.e., 3) and
perhaps sanity check that their public key .pem does not accidentally
contain their private key as well.  These considerations are left as future
work.

Reviewed by:	markj, darius AT dons.net.au (previous version)
Discussed with:	bjk
Differential Revision:	https://reviews.freebsd.org/D17678
2018-10-26 19:53:59 +00:00
..
dumpon.8 dumpon(8): Provide seatbelt against weak RSA keys 2018-10-26 19:53:59 +00:00
dumpon.c dumpon(8): Provide seatbelt against weak RSA keys 2018-10-26 19:53:59 +00:00
Makefile Add support for encrypted kernel crash dumps. 2016-12-10 16:20:39 +00:00
Makefile.depend DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00