From owner-freebsd-security@FreeBSD.ORG Mon Jun 25 21:38:20 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 22EC8106566C for ; Mon, 25 Jun 2012 21:38:20 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-wi0-f178.google.com (mail-wi0-f178.google.com [209.85.212.178]) by mx1.freebsd.org (Postfix) with ESMTP id 9EF178FC15 for ; Mon, 25 Jun 2012 21:38:19 +0000 (UTC) Received: by wibhr14 with SMTP id hr14so1274129wib.13 for ; Mon, 25 Jun 2012 14:38:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; bh=uE+BuMYQ3DyDyvKJeMQMPQNYoIke2/is6tOkZVU7xvY=; b=ueNT5elrGy9f7iyymwReGFfVoUJCGSe+ZEn/vWa2E8598xaPS5neLuHB1EK/SgFIcU sWE3Y1/yjHgoIx9bYKVBd9ClyE+j012l258oLALVC0fWFsR4GTJQmGj1ZjCGJZWlceBY UjkUGP4MyWd1LkW+Am/5usQhotQyHWqv9wxRnpu/lg5BjJZm9IqILm7YoTQedhyF0QgU HbEis4Znr1C2QJInxmK1zscuustW3/uokyTYn1n6/6sdYtF2/KrAcZhd7WSDPjHV8IYC P+t498pInn7xSRybwy4K0k8ZZWRFUEOfn8aP/bgwiD2AKhKL1xLlnmOexgTnOXddC+ru kiSg== Received: by 10.216.138.130 with SMTP id a2mr7582942wej.35.1340660293186; Mon, 25 Jun 2012 14:38:13 -0700 (PDT) Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk. [87.194.105.247]) by mx.google.com with ESMTPS id q6sm847853wiy.0.2012.06.25.14.38.10 (version=SSLv3 cipher=OTHER); Mon, 25 Jun 2012 14:38:11 -0700 (PDT) Date: Mon, 25 Jun 2012 22:38:07 +0100 From: RW To: freebsd-security@freebsd.org Message-ID: <20120625223807.4dbeb91d@gumby.homeunix.com> In-Reply-To: <86pq8nxtjp.fsf@ds4.des.no> References: <86zk7sxvc3.fsf@ds4.des.no> <20120625023104.2a0c7627@gumby.homeunix.com> <86pq8nxtjp.fsf@ds4.des.no> X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.6; amd64-portbld-freebsd8.3) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables... X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Jun 2012 21:38:20 -0000 On Mon, 25 Jun 2012 18:09:14 +0200 Dag-Erling Sm=F8rgrav wrote: > RW writes: > > Dag-Erling Sm=F8rgrav writes: > > > You do know that these keys are used only for authentication, and > > > not for encryption, right? > > I'm not very familiar with ssh, but surely they're also used for > > session-key exchange, which makes them crucial to encryption. They > > should be as secure as the strongest symmetric cipher they need to > > work with. >=20 > No. They are used for authentication only. This is crypto 101. It also generates a shared secret for key exchange, which is pretty much what I said. > Having a copy of the host key allows you to do one thing and one thing > only: impersonate the server. It does not allow you to eavesdrop on > an already-established connection. It enables you to eavesdrop on new connections, and eavesdroppers are often in a position to force reconnection on old ones. > If the server is set up to require key-based user authentication, an > attacker would also have to obtain the user's key to mount an > effective man-in-the-middle attack. If an attacker is only interested in a specific client, it may not be any harder to break the second public key, than the first one.=20