Contributed by johan on from the artsy dept.
Alexander von Gernler (grunk@) has committed support for SSH fingerprint visualization. This is a technique to make it possible for users to remember SSH fingerprints more easily. Instead of just looking at the ssh fingerprint in clear text you can now get a graphical pattern where your key is represented by a worm inside a field, the worm will look slightly different depending on the fingerprint.
Update (Thu Jun 26 2008, 16:42:30 CET): Some changes has been made since this article was written. Instead of having to specify "CheckHostIP fingerprint" to turn on visualization, you now have to use "VisualHostKey yes". "CheckHostIP fingerprint" won't work anymore, and has returned to be a normal bool yes/no option.
Please read on for Alexander's blog...
In December 2006, I attended a talk by Dan Kaminsky [1] [2], a security expert well known for his creative approaches towards problems and for his extremely entertaining style of presentation. His talk dealt a lot with visualization of problems from different areas, and was fun to watch, as always. Dan managed to tie together some loose ends in my head about various topics, and also managed to draw my attention to the problem of SSH and the hex fingerprints. As many of you know, a fingerprint may be as secure as it can be, but the security of the system stands and falls with the user. So if people don't verify fingerprints because it is too complicated and annoying for them, we have to catch them where they can't escape: Actually, the human brain is the most powerful pattern recognition system ever known, so why not make use of it, and show a little image to the users every time they log in. If the image is the same all the time, then everything feels normal. And if not, it starts feeling fishy immediately. One of the problems I had to solve was the output format. As you all know we're operating on text terminals most of the time, and high-resolution graphics are not available always. However, the schemes available all tried to do some random graphical output that aimed to be characteristic and easy to remember. So there I was with my constraints: The output had to be 7-bit clean ASCII text, with no colors, no scrolling, no animation, no nothing. I then designed a very simple algorithm that nevertheless takes all the bits of a hex fingerprint into account. I am still doing research towards the question of how easy it is to forge these pictures. (If you're at a University and doing Theoretical Computer Science, Graph Theory or Cryptography and have any remarks to make, I'll be glad to hear from you :) Now perhaps you'll be curious and want to play around with the new feature. Just do the following steps: 1. (Of course) compile a -current ssh 2. Insert the option CheckHostIP fingerprint to your ~/.ssh/config file. Now you will get the ASCII art displayed on every login. 3. If you want to know what your known hosts "look" like, type in ssh-keygen -lv -f ~/.ssh/known_hosts | less and learn! There's a canadian anoncvs mirror that looks like a cat, for example ;)
(Comments are closed)
By anonymous pedro (201.53.102.38) on
Comments
By anonymous grunk (2a01:198:262:1:20a:e4ff:fe35:3081) on
No man, that's exactly how it was implimented. Apologize! :)
Comments
By Anonymous Coward (88.217.158.50) on
>
> No man, that's exactly how it was implimented. Apologize! :)
oh is it your paycheck that makes you think so?
By Anonymous Coward (209.139.249.129) on
Love the whole idea of it.
By Anonymous Coward (84.0.5.102) on
By Anonymous Coward (158.64.153.152) on
I tried it, but you still have to get used to it. I'm not sure these graphics are easy to remember ...
+--[ RSA]---------+
|.o |
|... |
|= ... |
| = ... |
|+ . .ES |
|.. o ..o . |
| . o ..+ o o |
| . o o. . = . |
| . . . o |
+-----------------+
+--[ RSA]---------+
| .. . |
| . . . |
| . . o |
| . . = |
| . oSo |
| . . ..= . |
|E . o.B = |
| o =.* |
| +o. |
+-----------------+
Comments
By Anonymous Coward (84.0.5.102) on
+1
By Anonymous Coward (81.83.46.216) on
Comments
By Anonymous Coward (81.83.46.216) on
By Anonymous Coward (81.83.46.216) on
http://thebirdguide.com/digiscoping/photos/IMG_1728_Coopers_Hawk.jpg
By Anonymous Coward (209.139.249.129) on
> +--[ RSA]---------+
> | .. . |
> | . . . |
> | . . o |
> | . . = |
> | . oSo |
> | . . ..= . |
> |E . o.B = |
> | o =.* |
> | +o. |
> +-----------------+
>
>
> big sitting bird :-)
Pooping beaver.
By Anonymous Coward (2a01:348:108:100:20a:5eff:fe1a:a300) on
>
> I tried it, but you still have to get used to it. I'm not sure these graphics are easy to remember ...
Wow, you have bubble-babble signatures committed to memory? I salute you :)
For us mortals it's not so much useful for ease of remembering, as ease of comparison. With existing fingerprints, people tend to compare just a few positions in the key. If you have two of the "ssh nethack mode" images, say, one on-screen and one printed on a card, comparison is quicker and easier.
Comments
By Anonymous Coward (12.153.51.253) on
>
> [MANGLED]
I'm not so sure that comparison would be easier with this method, GIVEN the user has a printed card. I would find it much easier to compare a compact, linear sequence of hex digits by placing said card on the screen below the SSH fingerprint (I would print it in roughly the correct size to match most terminals I would expect to use); in fact, base-64 encoding would probably make the printed-card method even easier. I actually found the difference between the two fingerprint images YOU published to be very subtle.
By Anonymous Coward (121.116.178.61) on
By Krunch (91.106.223.231) on
Comments
By Jared (209.59.105.36) jjsolomon@gmail.com on
And/or torrent of either?
By Sunnz (sunnz) on http://yius.id.au
I just made a quick and dirty conversion from ppt to pdf using OpenOffice.org, the result is here:
http://yius.id.au/dmk_blackops2006_ccc.pdf
By Peter (129.132.27.180) on
Pictures can be confuse the viewer. I think it should be possible to write a small program that generates thousands of keys, trying to create one where the fingerprint picture is close to the original picture. Assuming that the user has no picture reference, it seems likely that he will accept the false key as his own. The brain is great in recognizing things even if they are not 100% the same.
This looks like a security facade to me, weakening the security.
Comments
By Anonymous Coward (75.111.94.145) on
>
> Pictures can be confuse the viewer. I think it should be possible to write a small program that generates thousands of keys, trying to create one where the fingerprint picture is close to the original picture. Assuming that the user has no picture reference, it seems likely that he will accept the false key as his own. The brain is great in recognizing things even if they are not 100% the same.
>
> This looks like a security facade to me, weakening the security.
Well, on the other hand it's actually much easier to generate thousands of keys and find one that has a hex fingerprint that starts and ends with the same couple of bytes as the fingerprint on the machine you are attacking, so in that respect it's no more or less secure than the existing method of asking a user to verify the hex key. Either they will identify it exactly, byte by byte, or they will choose an approximation. The fingerprint is a more easily recognized approximation, but obviously its still not a substitute for out of band validation.
IMO they really need to add the capability for ssh to validate keys through a CA.
By martin f. krafft (2001:41e0:ff12:0:211:2fff:fe6b:c869) undeadly.org@pobox.madduck.net on http://madduck.net