Date:      Tue, 26 Jun 2012 13:01:12 +0200
From:      Dag-Erling Smørgrav <des@des.no>
To:        RW <rwmaillists@googlemail.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...
Message-ID:  <86sjdiwd53.fsf@ds4.des.no>
In-Reply-To: <20120625223807.4dbeb91d@gumby.homeunix.com> (RW's message of "Mon, 25 Jun 2012 22:38:07 +0100")
References:  <CA+QLa9A4gdgPEn3YBpExTG05e4mqbgxr2kJ16BQ27OSozVmmwQ@mail.gmail.com> <86zk7sxvc3.fsf@ds4.des.no> <CA+QLa9Dyu96AxmCNLcU8n5R21aTH6dStDT004iA516EH=jTkvQ@mail.gmail.com> <20120625023104.2a0c7627@gumby.homeunix.com> <86pq8nxtjp.fsf@ds4.des.no> <20120625223807.4dbeb91d@gumby.homeunix.com>

RW <rwmaillists@googlemail.com> writes:
> Dag-Erling Smørgrav <des@des.no> writes:
> > [host keys] are used for authentication only.  This is crypto 101.
> It also generates a shared secret for key exchange, which is pretty
> much what I said.

No.  It is used to *sign* the key exchange, in order to authenticate the
server.  It is not used to *generate* the key.  You need to read up on
Diffie Hellman and the SSH transport layer (RFC 4253).  The only way to
intercept the key is a man-in-the-middle attack (negotiate a KEX with
the client, sign it with the stolen host key, and negotiate a KEX with
the server, pretending to be the client).

> > Having a copy of the host key allows you to do one thing and one thing
> > only: impersonate the server.  It does not allow you to eavesdrop on
> > an already-established connection.
> It enables you to eavesdrop on new connections, and eavesdroppers
> are often in a position to force reconnection on old ones.

No.

DES
-- 
Dag-Erling Smørgrav - des@des.no
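The KEXDH exchange DES refers to (RFC 4253 section 8), as an added example that is not part of the thread: the shared secret K is derived from the two ephemeral DH secrets only, and the host key's sole job is to sign the exchange hash H so the client can authenticate the server. It assumes a toy DH group (not an SSH group), a constructed host key, and an HMAC as a symmetric stand-in for the real RSA/DSA/ECDSA signature.

```python
import hashlib
import hmac
import secrets

# Toy DH group for illustration only (real SSH uses RFC 4253 group1/group14 or ECDH).
P = 2**255 - 19
G = 2

def mpint(n: int) -> bytes:
    """Length-prefixed big-endian encoding so the hash input is unambiguous."""
    b = n.to_bytes((n.bit_length() + 8) // 8, "big")
    return len(b).to_bytes(4, "big") + b

def exchange_hash(k_s: bytes, e: int, f: int, k: int) -> bytes:
    """H over host key blob, e, f and K (version strings/KEXINIT omitted)."""
    return hashlib.sha256(k_s + mpint(e) + mpint(f) + mpint(k)).digest()

def host_sign(host_key: bytes, h: bytes) -> bytes:
    """Stand-in for the asymmetric host-key signature over H (HMAC, so symmetric)."""
    return hmac.new(host_key, h, hashlib.sha256).digest()

def run_kex(host_key: bytes, tamper: bool = False) -> dict:
    """One KEXDH exchange; returns both sides' K, the auth result and the wire view."""
    k_s = hashlib.sha256(host_key).digest()      # stands in for the public host key blob
    x = secrets.randbelow(P - 2) + 1             # client ephemeral secret
    e = pow(G, x, P)                             # KEXDH_INIT, client -> server: e
    y = secrets.randbelow(P - 2) + 1             # server ephemeral secret
    f = pow(G, y, P)
    k_server = pow(e, y, P)                      # K = e^y; the host key is not involved
    sig = host_sign(host_key, exchange_hash(k_s, e, f, k_server))
    if tamper:                                   # someone swaps f in transit without the key
        f = pow(G, secrets.randbelow(P - 2) + 1, P)
    wire = {"e": e, "K_S": k_s, "f": f, "sig": sig}   # KEXDH_REPLY as seen on the wire
    k_client = pow(f, x, P)                      # K = f^x; client uses only its own x
    expected = host_sign(host_key, exchange_hash(k_s, e, f, k_client))
    ok = hmac.compare_digest(expected, sig)      # server authentication via the host key
    return {"k_client": k_client, "k_server": k_server, "authenticated": ok, "wire": wire}
```

Note that K never appears in the wire view: a passive observer holding the host key sees e, f and a signature, none of which yields K without x or y, which is exactly why only an active man-in-the-middle can exploit a stolen host key.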