Date: Tue, 9 Mar 2010 15:48:11 +0700 (ICT) From: Olivier Nicole <Olivier.Nicole@cs.ait.ac.th> To: perryh@pluto.rain.com Cc: freebsd-questions@freebsd.org Subject: Re: [OT] ssh security Message-ID: <201003090848.o298mBSN079005@banyan.cs.ait.ac.th> In-Reply-To: <4b960747.T7FO5AkwXJGAGApg%perryh@pluto.rain.com> References: <532b03711003071325j9ab3c98u703b31abdc7ea8fe@mail.gmail.com> <4b960747.T7FO5AkwXJGAGApg%perryh@pluto.rain.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> What happened to Diffie-Hellman? Last I heard, its whole point was > to enable secure communication, protected from both eavesdropping > and MIM attacks, between systems having no prior trust relationship > (e.g. any sort of pre-shared secret). What stops the server and > client from establishing a Diffie-Hellman session and using it to > perform the key exchange? I am not expert in cryptography, but logic tends to tell me that is I have no prior knowledge about the person I am about to talk to, anybody (MIM) could pretend to be that person. The pre-shared information need not to be secret (key fingerprints are not secret), but there is need for pre-shared trusted information. Bests, Olivier
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201003090848.o298mBSN079005>