Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 26 Jun 2012 01:53:23 +0100
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-security@freebsd.org
Subject:   Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...
Message-ID:  <20120626015323.02b7f348@gumby.homeunix.com>
In-Reply-To: <4FE8F814.5020906@FreeBSD.org>
References:  <CA%2BQLa9A4gdgPEn3YBpExTG05e4mqbgxr2kJ16BQ27OSozVmmwQ@mail.gmail.com> <86zk7sxvc3.fsf@ds4.des.no> <CA%2BQLa9Dyu96AxmCNLcU8n5R21aTH6dStDT004iA516EH=jTkvQ@mail.gmail.com> <20120625023104.2a0c7627@gumby.homeunix.com> <86pq8nxtjp.fsf@ds4.des.no> <20120625223807.4dbeb91d@gumby.homeunix.com> <4FE8DF29.50406@FreeBSD.org> <20120625235310.3eed966e@gumby.homeunix.com> <4FE8F814.5020906@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 25 Jun 2012 16:45:24 -0700
Doug Barton wrote:

> On 06/25/2012 15:53, RW wrote:
> > On Mon, 25 Jun 2012 14:59:05 -0700
> > Doug Barton wrote:
> > 
> >>>> Having a copy of the host key allows you to do one thing and one
> >>>> thing only: impersonate the server.  It does not allow you to
> >>>> eavesdrop on an already-established connection.
> >>>
> >>> It enables you to eavesdrop on new connections,
> >>
> >> Can you describe the mechanism used to do this? 
> > 
> > Through a MITM attack if nothing else
> 
> Sorry, I wasn't clear. Please describe, in precise, reproducible
> terms, how one would accomplish this. Or, link to known script-kiddie
> resources ... whatever. My point being, I'm pretty confident that
> what you're asserting isn't true. But if I'm wrong, I'd like to learn
> why.

Servers don't always require client keys for authentication. If they
don't then a MITM attack only needs the server's key.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120626015323.02b7f348>