Date: Mon, 25 Jun 2012 23:53:10 +0100
From: RW <rwmaillists@googlemail.com>
To: freebsd-security@freebsd.org
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...
Message-ID: <20120625235310.3eed966e@gumby.homeunix.com>
In-Reply-To: <4FE8DF29.50406@FreeBSD.org>
References: <CA%2BQLa9A4gdgPEn3YBpExTG05e4mqbgxr2kJ16BQ27OSozVmmwQ@mail.gmail.com> <86zk7sxvc3.fsf@ds4.des.no> <CA%2BQLa9Dyu96AxmCNLcU8n5R21aTH6dStDT004iA516EH=jTkvQ@mail.gmail.com> <20120625023104.2a0c7627@gumby.homeunix.com> <86pq8nxtjp.fsf@ds4.des.no> <20120625223807.4dbeb91d@gumby.homeunix.com> <4FE8DF29.50406@FreeBSD.org>
On Mon, 25 Jun 2012 14:59:05 -0700 Doug Barton wrote:

> >> Having a copy of the host key allows you to do one thing and one
> >> thing only: impersonate the server. It does not allow you to
> >> eavesdrop on an already-established connection.
> >
> > It enables you to eavesdrop on new connections,
>
> Can you describe the mechanism used to do this?

Through a MITM attack, if nothing else.

> > and eavesdroppers
> > are often in a position to force reconnection on old ones.
>
> If you can get on the network link between the client and the host,
> yes, you can force an existing connection to drop. But that doesn't
> require the host's secret key.

I didn't say it did; I was referring to the statement:

"It does not allow you to eavesdrop on an already-established connection."

> >> If the server is set up to require key-based user authentication,
> >> an attacker would also have to obtain the user's key to mount an
> >> effective man-in-the-middle attack.
> >
> > If an attacker is only interested in a specific client, it may not
> > be any harder to break the second public key, than the first one.
>
> Well that's just plain nonsense. The moon "may" be made of green
> cheese.

It depends on the nature of the attack, but the possibility that two arbitrary keys are of similar strength under a specific attack is not on a par with the moon being made of cheese.
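The thread's subject is the risk of duplicated host keys, and the exchange above turns on what possession of a host's key buys an attacker (impersonation of that host to new connections). One thing a defender can check for is several hosts presenting the same key, the symptom of ssh_host_* files copied along with a cloned image. The script below is an added example, not code from this thread or from FreeBSD: it parses OpenSSH known_hosts lines, computes fingerprints in OpenSSH's SHA256 format, and reports hosts that share a key. The host names and key blobs are constructed for the example and are not real keys.

```python
import base64
import binascii
import hashlib
from collections import defaultdict


def _blob(data: bytes) -> str:
    """Base64-encode constructed bytes so they parse like a real key blob."""
    return base64.b64encode(data).decode()


# Constructed known_hosts content (hypothetical hosts, made-up key bytes).
# hostA and hostC deliberately carry the same ECDSA blob, as two machines
# built from one image with its host keys left in place would.
SAMPLE_KNOWN_HOSTS = "\n".join([
    f"hostA ecdsa-sha2-nistp256 {_blob(b'constructed-ecdsa-key-1')}",
    f"hostB ecdsa-sha2-nistp256 {_blob(b'constructed-ecdsa-key-2')}",
    f"hostC ecdsa-sha2-nistp256 {_blob(b'constructed-ecdsa-key-1')}",
    f"hostA ssh-rsa {_blob(b'constructed-rsa-key-1')}",
    "# comment lines and blanks are ignored",
    "",
    "hostD ssh-rsa not*valid*base64",
])


def parse_known_hosts(text: str):
    """Return (hosts_field, key_type, raw_key_bytes) per valid line.

    The hosts field is kept as one string: a comma-separated alias list
    ("host,10.0.0.1") names one machine, so it must not count as sharing.
    Marker-prefixed lines (@cert-authority, @revoked) have the marker dropped.
    """
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):
            fields = fields[1:]
        if len(fields) < 3:
            continue
        hosts, key_type, blob = fields[0], fields[1], fields[2]
        try:
            raw = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue  # malformed blob: skip rather than mis-fingerprint it
        entries.append((hosts, key_type, raw))
    return entries


def fingerprint(raw_key: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of the digest."""
    digest = hashlib.sha256(raw_key).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_shared_keys(entries):
    """Map fingerprint -> sorted host fields, keeping only keys seen on >1 host."""
    seen = defaultdict(set)
    for hosts, _key_type, raw in entries:
        seen[fingerprint(raw)].add(hosts)
    return {fp: sorted(hs) for fp, hs in seen.items() if len(hs) > 1}


if __name__ == "__main__":
    parsed = parse_known_hosts(SAMPLE_KNOWN_HOSTS)
    for fp, hosts in find_shared_keys(parsed).items():
        print(f"{fp} is presented by {', '.join(hosts)}")
```

Point the parser at a real ~/.ssh/known_hosts or a collected set of `ssh-keyscan` output to audit a fleet; any fingerprint listed for more than one host field deserves a look, since those machines can each impersonate the others.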