
OpenSSH Fingerprint Randomart

I don't know how many of you readers care about SSH, but you may have heard that OpenSSH 5.1 was recently released, and in it one of the cool new toys is fingerprint randomart, à la "Hash Visualization: a New Technique to improve Real-World Security", Perrig A. and Song D., 1999, International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99). Really it's quite a spiffy little system, and for me, beats the crap out of ordinary hex representations of fingerprints.

For example, I made myself a few new keys using OpenSSH 5.1p1:
The key fingerprint is:
cb:30:9d:10:b1:69:db:bd:b1:79:40:c6:7f:fb:22:d4 krisp@tetradon
The key's randomart image is:
+--[RSA1 2048]----+
|      o.         |
|       + .       |
|      =   +      |
|     . = = .     |
|      + S + ...  |
|       + . *..E. |
|        o +.. .  |
|           .. .. |
|             . ..|
+-----------------+
Generating public/private dsa key pair.
The key fingerprint is:
b6:dd:b7:1f:bc:25:31:d3:12:f4:92:1c:0b:93:5f:4b krisp@tetradon
The key's randomart image is:
+--[ DSA 1024]----+
|            o.o  |
|            .= E.|
|             .B.o|
|              .= |
|        S     = .|
|       . o .  .= |
|        . . . oo.|
|             . o+|
|              .o.|
+-----------------+

Generating public/private rsa key pair.
The key fingerprint is:
05:1e:1e:c1:ac:b9:d1:1c:6a:60:ce:0f:77:6c:78:47 krisp@tetradon
The key's randomart image is:
+--[ RSA 2048]----+
|       o=.       |
|    o  o++E      |
|   + . Ooo.      |
|    + O B..      |
|     = *S.       |
|      o          |
|                 |
|                 |
|                 |
+-----------------+


Loads of fun. The only trick is that, because this is an arbitrary mapping of keys to randomart, if I suddenly switch to SSH package X, I may be seeing different art. For SSH this may not be a big deal, but I'd really like to see this technique get adopted by other software like GPG, OpenSSL, and Firefox/Opera for SSL certificate verification, and hopefully they'd all use some standardized algorithm. Personally I think the one described in that paper would be fine for situations where we can display pixel art, and for text situations this OpenSSH wormy-thing seems OK (personally, I'd add an option to also display ANSI colors, but that's just me). Mmm temptation to write Firefox extensions rising....!

I just noticed the date on that paper. Wth isn't this already in Firefox??
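
The mapping behind the boxes above, as an added example that is not part of the original post or OpenSSH's own code: a Python sketch of the walk OpenSSH 5.1 performs over the 16 fingerprint bytes (often called the "drunken bishop"). The function and constant names are this example's own; the field size, glyph table and header layout follow OpenSSH 5.1.

```python
# Added example: OpenSSH 5.1-style randomart from a colon-separated MD5 fingerprint.
# Names below are this example's own, not identifiers from OpenSSH.
WIDTH, HEIGHT = 17, 9              # field size used by OpenSSH
SYMBOLS = " .o+=*BOX@%&#/^SE"      # visit count -> glyph; last two mark start and end


def randomart(fingerprint: str, key_type: str, bits: int) -> str:
    """Render the fingerprint as the boxed ASCII picture ssh-keygen prints."""
    digest = bytes.fromhex(fingerprint.replace(":", ""))
    field = [[0] * WIDTH for _ in range(HEIGHT)]
    x, y = WIDTH // 2, HEIGHT // 2          # the walk starts in the centre cell
    max_count = len(SYMBOLS) - 3            # ordinary cells saturate at '^'

    for byte in digest:
        for _ in range(4):                  # four 2-bit moves per byte, low bits first
            x += 1 if byte & 1 else -1      # bit 0: right or left
            y += 1 if byte & 2 else -1      # bit 1: down or up
            x = max(0, min(x, WIDTH - 1))   # walls clamp the move, they do not wrap
            y = max(0, min(y, HEIGHT - 1))
            if field[y][x] < max_count:
                field[y][x] += 1            # count the visit to this cell
            byte >>= 2

    field[HEIGHT // 2][WIDTH // 2] = len(SYMBOLS) - 2   # 'S' marks the start
    field[y][x] = len(SYMBOLS) - 1                      # 'E' marks the final cell

    top = f"+--[{key_type:>4} {bits:>4}]".ljust(WIDTH + 1, "-") + "+"
    rows = ["|" + "".join(SYMBOLS[c] for c in row) + "|" for row in field]
    return "\n".join([top, *rows, "+" + "-" * WIDTH + "+"])


if __name__ == "__main__":
    # Third key from the post (RSA 2048); prints the same box shown above.
    print(randomart("05:1e:1e:c1:ac:b9:d1:1c:6a:60:ce:0f:77:6c:78:47", "RSA", 2048))
```

The picture is a pure function of the fingerprint bytes, so another package would draw the same art for a key only if it used the same hash, field size, move rule and glyph table.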

Comments

muerte
Dec. 17th, 2008 09:45 pm (UTC)
I just made an ssh key and got randomart... When is it used? It'd be nice if it would display that when you ssh to a new host, instead of:

The authenticity of host 'red (127.0.0.1)' can't be established.
RSA key fingerprint is 59:82:89:34:2d:07:d1:70:c5:66:de:29:88:65:48:3e.
alibash
Dec. 18th, 2008 12:38 pm (UTC)
You can set VisualHostKey=yes as either a command-line option or in your ~/.ssh/config and it'll display the random art of the host key when connecting. It's unfortunately kind of spammy though, so I leave it off...