author | Darren Tucker <dtucker@zip.com.au> | 2008-06-13 04:40:35 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2008-06-13 04:40:35 +1000 |
commit | 9c16ac926376ad87084ae78bac44a813ae5db21f (patch) | |
tree | 438b335d17d91d45c9c77fba9339816b2bf2dbf9 /ssh-keygen.c | |
parent | 1199673393661ceafc3141e5df43c53e9acdba2f (diff) |
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 21 |
1 files changed, 17 insertions, 4 deletions
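diff --git a/ssh-keygen.c b/ssh-keygen.c
index a03c6575d..c22e814da 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.166 2008/05/19 15:46:31 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.167 2008/06/11 21:01:35 grunk Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -504,7 +504,7 @@ do_fingerprint(struct passwd *pw)
 {
 FILE *f;
 Key *public;
-char *comment = NULL, *cp, *ep, line[16*1024], *fp;
+char *comment = NULL, *cp, *ep, line[16*1024], *fp, *ra;
 int i, skip = 0, num = 0, invalid = 1;
 enum fp_rep rep;
 enum fp_type fptype;
@@ -522,9 +522,12 @@ do_fingerprint(struct passwd *pw)
 public = key_load_public(identity_file, &comment);
 if (public != NULL) {
 fp = key_fingerprint(public, fptype, rep);
+ra = key_fingerprint(public, fptype, rep);
 printf("%u %s %s\n", key_size(public), fp, comment);
+verbose("%s\n", ra);
 key_free(public);
 xfree(comment);
+xfree(ra);
 xfree(fp);
 exit(0);
 }
@@ -582,8 +585,11 @@ do_fingerprint(struct passwd *pw)
 }
 comment = *cp ? cp : comment;
 fp = key_fingerprint(public, fptype, rep);
+ra = key_fingerprint(public, fptype, SSH_FP_RANDOMART);
 printf("%u %s %s\n", key_size(public), fp,
 comment ? comment : "no comment");
+verbose("%s\n", ra);
+xfree(ra);
 xfree(fp);
 key_free(public);
 invalid = 0;
@@ -603,12 +609,14 @@ print_host(FILE *f, const char *name, Key *public, int hash)
 if (print_fingerprint) {
 enum fp_rep rep;
 enum fp_type fptype;
-char *fp;
+char *fp, *ra;
 
 fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;
 rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;
 fp = key_fingerprint(public, fptype, rep);
-printf("%u %s %s\n", key_size(public), fp, name);
+ra = key_fingerprint(public, fptype, SSH_FP_RANDOMART);
+printf("%u %s %s\n%s\n", key_size(public), fp, name, ra);
+xfree(ra);
 xfree(fp);
 } else {
 if (hash && (name = host_hash(name, NULL, 0)) == NULL)
@@ -1451,10 +1459,15 @@ passphrase_again:
 
 if (!quiet) {
 char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX);
+char *ra = key_fingerprint(public, SSH_FP_MD5,
+SSH_FP_RANDOMART);
 printf("Your public key has been saved in %s.\n",
 identity_file);
 printf("The key fingerprint is:\n");
 printf("%s %s\n", fp, comment);
+printf("The key's randomart image is:\n");
+printf("%s\n", ra);
+xfree(ra);
 xfree(fp);
 }
 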
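Review bot: In the `key_load_public` branch of do_fingerprint (new line 525), `ra` is computed with `rep` rather than `SSH_FP_RANDOMART`, so `verbose("%s\n", ra)` repeats the hex or bubblebabble fingerprint instead of showing the randomart image. The known_hosts-style path in the same function (new line 588) does pass `SSH_FP_RANDOMART`, so the line should read `ra = key_fingerprint(public, fptype, SSH_FP_RANDOMART);`. Separately, print_host prints the image unconditionally through `printf` while both do_fingerprint paths route it through `verbose()`; someone comparing the image to verify a key would see it in one mode and not the other, so it is worth confirming which behaviour is intended. do_fingerprint and print_host both start and end outside the hunks shown.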