From owner-freebsd-security@FreeBSD.ORG Mon Jun 25 22:53:16 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B2E9F106566C for ; Mon, 25 Jun 2012 22:53:16 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-wi0-f178.google.com (mail-wi0-f178.google.com [209.85.212.178]) by mx1.freebsd.org (Postfix) with ESMTP id 33CEE8FC0A for ; Mon, 25 Jun 2012 22:53:16 +0000 (UTC) Received: by wibhr14 with SMTP id hr14so1316944wib.13 for ; Mon, 25 Jun 2012 15:53:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; bh=nG4FO5VfWn1Eb8RPv0IsbSmy8NISHTfPs5mXahg5nYM=; b=ev2zt0QwAvBJNZhfw7RnQL0eTGgAs7SO5T7sez/6JHoOw0tNHALpYdUjm92KPRbHYQ sC0xEqmlJlC4hNvvXLsIrK2X7UigWiUq7cGKCdpEc0Qfmhua8bQCcWGSKW7E8pRvtSWU bhvjI7RP4wb2iDOGwRqS9iYkRE17/1MBATwTdAQoIH5+cEP5wVoI3kmpyir9zRGbHCF4 0l+VhOs2CR+aTUbLEkSQr4zQNzeYakzjORWTXK9SntVu+4vcXOpJNIUerP5Cg7nCLPOg oD1RbxOQE9QperybiumKCGZy4Mo6/2hiiqJdr0Gn9JbSvJhKw3PHRxSK720nWVVtXOoJ 9JJw== Received: by 10.216.81.7 with SMTP id l7mr808251wee.23.1340664795151; Mon, 25 Jun 2012 15:53:15 -0700 (PDT) Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk. [87.194.105.247]) by mx.google.com with ESMTPS id q6sm1227592wiy.0.2012.06.25.15.53.12 (version=SSLv3 cipher=OTHER); Mon, 25 Jun 2012 15:53:14 -0700 (PDT) Date: Mon, 25 Jun 2012 23:53:10 +0100 From: RW To: freebsd-security@freebsd.org Message-ID: <20120625235310.3eed966e@gumby.homeunix.com> In-Reply-To: <4FE8DF29.50406@FreeBSD.org> References: <86zk7sxvc3.fsf@ds4.des.no> <20120625023104.2a0c7627@gumby.homeunix.com> <86pq8nxtjp.fsf@ds4.des.no> <20120625223807.4dbeb91d@gumby.homeunix.com> <4FE8DF29.50406@FreeBSD.org> X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.6; amd64-portbld-freebsd8.3) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables... X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Jun 2012 22:53:16 -0000 On Mon, 25 Jun 2012 14:59:05 -0700 Doug Barton wrote: > >> Having a copy of the host key allows you to do one thing and one > >> thing only: impersonate the server. It does not allow you to > >> eavesdrop on an already-established connection. > > > > It enables you to eavesdrop on new connections, > > Can you describe the mechanism used to do this? Through a MITM attack if nothing else > > > and eavesdroppers > > are often in a position to force reconnection on old ones. > > If you can get on the network link between the client and the host, > yes, you can force an existing connection to drop. But that doesn't > require the host's secret key. I didn't say it did, I was referring to the statement: "It does not allow you to eavesdrop on an already-established connection." > >> If the server is set up to require key-based user authentication, > >> an attacker would also have to obtain the user's key to mount an > >> effective man-in-the-middle attack. > > > > If an attacker is only interested in a specific client, it may not > > be any harder to break the second public key, than the first one. > > Well that's just plain nonsense. The moon "may" be made of green > cheese. It depends on the nature of the attack, but the possibility that two arbitrary keys are of similar strength under a specific attack is not on a par with the moon being made of cheese.