Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 25 Jun 2012 16:45:24 -0700
From:      Doug Barton <dougb@FreeBSD.org>
To:        RW <rwmaillists@googlemail.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...
Message-ID:  <4FE8F814.5020906@FreeBSD.org>
In-Reply-To: <20120625235310.3eed966e@gumby.homeunix.com>
References:  <CA%2BQLa9A4gdgPEn3YBpExTG05e4mqbgxr2kJ16BQ27OSozVmmwQ@mail.gmail.com> <86zk7sxvc3.fsf@ds4.des.no> <CA%2BQLa9Dyu96AxmCNLcU8n5R21aTH6dStDT004iA516EH=jTkvQ@mail.gmail.com> <20120625023104.2a0c7627@gumby.homeunix.com> <86pq8nxtjp.fsf@ds4.des.no> <20120625223807.4dbeb91d@gumby.homeunix.com> <4FE8DF29.50406@FreeBSD.org> <20120625235310.3eed966e@gumby.homeunix.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On 06/25/2012 15:53, RW wrote:
> On Mon, 25 Jun 2012 14:59:05 -0700
> Doug Barton wrote:
> 
>>>> Having a copy of the host key allows you to do one thing and one
>>>> thing only: impersonate the server.  It does not allow you to
>>>> eavesdrop on an already-established connection.
>>>
>>> It enables you to eavesdrop on new connections,
>>
>> Can you describe the mechanism used to do this? 
> 
> Through a MITM attack if nothing else

Sorry, I wasn't clear. Please describe, in precise, reproducible terms,
how one would accomplish this. Or, link to known script-kiddie resources
... whatever. My point being, I'm pretty confident that what you're
asserting isn't true. But if I'm wrong, I'd like to learn why.

>>> and  eavesdroppers
>>> are often in a position to force reconnection on old ones.
>>
>> If you can get on the network link between the client and the host,
>> yes, you can force an existing connection to drop. But that doesn't
>> require the host's secret key.
> 
> I didn't say it did, I was referring to the statement: "It does not
> allow you to eavesdrop on an already-established connection."

So, correct, but irrelevant.

>>>> If the server is set up to require key-based user authentication,
>>>> an attacker would also have to obtain the user's key to mount an
>>>> effective man-in-the-middle attack.
>>>
>>> If an attacker is only interested in a specific client, it may not
>>> be any harder to break the second public key, than the first one. 
>>
>> Well that's just plain nonsense. The moon "may" be made of green
>> cheese.
> 
> It depends on the nature of the attack, but the possibility that two
> arbitrary keys are of similar strength under a specific attack is not
> on a par with the moon being made of cheese.  

Again, correct, but irrelevant.

Doug

-- 

    This .signature sanitized for your protection





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FE8F814.5020906>