Why does my SSH private key still work after changing some bytes in the file?
source link: https://crypto.stackexchange.com/questions/31807/why-does-my-ssh-private-key-still-work-after-changing-some-bytes-in-the-file
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Why does my SSH private key still work after changing some bytes in the file?
Cryptography Stack Exchange is a question and answer site for software developers, mathematicians and others interested in cryptography. It only takes a minute to sign up.
I (for a test) just randomly altered a private RSA key by opening it up in Vim and changing a few bytes. It is the private part of an SSH key pair used for logging in on a remote system. Puzzlingly, it still allows me to login.
I did some research and found that it is a base64 encoded ASN.1 container, so I pulled all the relevant integers out with OpenSSL and it seems only dd, the private exponent, has changed (and only slightly at that). Is it possible the additional cached values are therefore being used to decrypt the value sent from the server, in order to still allow me to be logging in? The public key can (as expected) still be derived due to the other integers in the ASN.1 still being the same.
As I'm an encryption dufus I'd appreciate some guidance on how the above is possible. I've found when I modify the key in Vim by larger amounts it rejects me as expected. Thanks.
1 Answer
An ASN.1-encoded SSH private key contains the following integers in order:
- The public modulus nn and exponent ee;
- The private exponent dd;
- The prime factors pp and qq of nn;
- The "reduced" private exponents dp=dmod(p−1)dp=dmod(p−1) and dq=dmod(q−1)dq=dmod(q−1);
- The "CRT coefficient" qinv=q−1modpqinv=q−1modp.
The observation that the value of dd in such a key may be irrelevant is due to the following: To speed up exponentiation modulo nn by a factor of about 44, the Chinese Remainder Theorem can be utilized to compute the result modulo pp and qq separately and subsequently combine them to obtain the "real" result modulo nn. With this optimization, the values of nn, ee and dd are not required, hence are ignored by typical implementations whenever pp, qq, dpdp, dqdq and qinvqinv are available*. This is why changing some characters in the middle of the key need not necessarily destroy it, depending on which of the components you change.
*) at least for OpenSSH, they do not have to be present: setting p=q=1p=q=1 and dp=dq=qinv=0dp=dq=qinv=0 makes the implementation use nn and dd.
To visualize the arrangement of the individual components, I created the following graphic from a typical 4096-bit RSA private key file:
The grey part right in the beginning is ASN.1 header data (encoding the fact that a sequence is about to follow, etc), followed by the integers forming the key as described above. The ASN.1 header data associated to each component (mostly a length field) is colored slightly brighter than the data representing the integer itself. Note that the pictured subdivision is not 100% accurate as one Base64 character encodes roughly 3/43/4 raw bytes, hence some boundaries should actually run strictly within a single character.
Your Answer
Post as a guest
Required, but never shown
By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy
Recommend
-
12
What is Apple Private Relay?Private Relay is an attempt by Apple to change the way traffic is routed from user to internet s...
-
4
-
6
Apple's private relay service does not sit still I have an older iPhone that used to be my daily driver. It mostly just hangs around for testing random junk. It's still getting updates, and so when Apple offered it iOS 15 today,...
-
9
What Is SOAP API and Does It Still Work? By Idowu Omisola Published 2 hours ago SOAP, or Simple Object Access Protocol, is a pro...
-
8
Why does base64.b64encode () return a bytes object? advertisements The purpose of the base64.b64encode() function i...
-
4
Why does my Rails application still work in Production mode? advertisements This is Rails 3.0.3. My deployment is Ap...
-
3
Enter key does not work after encoding with java advertisements i get a trouble when i write this code for a jB...
-
1
The Robot Does the Hard Work. Can You Still Attain Enlightenment?The robot mandala is a faster and — proponents argue, easier — way to create the traditional sand artwork used for Buddhist meditationI...
-
8
What Is Online Reputation Management (ORM)? First impressions last. Gain more control over your brand's narrative by getting ahead of issues and monitoring...
-
4
You Know It’s a Placebo. So Why Does It Still Work?As researchers try to make sense of “open-label” placebos—fake drugs that proudly announce their fakeness—the mysterious effect is starting to show up beyond...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK