From: Olivier Nicole
To: perryh@pluto.rain.com
Cc: freebsd-questions@freebsd.org
Subject: Re: [OT] ssh security
Date: Tue, 9 Mar 2010 15:48:11 +0700 (ICT)

> What happened to Diffie-Hellman? Last I heard, its whole point was
> to enable secure communication, protected from both eavesdropping
> and MIM attacks, between systems having no prior trust relationship
> (e.g. any sort of pre-shared secret). What stops the server and
> client from establishing a Diffie-Hellman session and using it to
> perform the key exchange?

I am not an expert in cryptography, but logic tends to tell me that if
I have no prior knowledge about the person I am about to talk to,
anybody (MIM) could pretend to be that person.

The pre-shared information need not be secret (key fingerprints are
not secret), but there is a need for pre-shared trusted information.

Bests,

Olivier
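The point made in this reply, as an added example that is not part of the original message: a Diffie-Hellman exchange with no prior trusted information ends with the client sharing a key with whoever answered, while a fingerprint learned out of band (public, not secret) lets the client reject a substituted key. The tiny group, the function names and the use of the server's DH public value as the pinned key are assumptions made to keep the sketch standard-library only; SSH instead has the host key sign the exchange.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): far too small for real use.
P = 2**127 - 1   # a Mersenne prime
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    # Public value anyone may know; it only has to be obtained from a trusted source.
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()

def client_connect(received_server_pub, pinned_fp=None):
    """Client side: returns (client_pub, key); raises if a pin is set and does not match."""
    if pinned_fp is not None and fingerprint(received_server_pub) != pinned_fp:
        raise ValueError("server key fingerprint mismatch")
    priv, pub = keypair()
    return pub, session_key(priv, received_server_pub)

def run(interposed, pinned):
    """Simulate one connection and report who ends up sharing the client's key."""
    srv_priv, srv_pub = keypair()
    mid_priv, mid_pub = keypair()                    # party sitting between the two ends
    pin = fingerprint(srv_pub) if pinned else None   # learned out of band
    offered = mid_pub if interposed else srv_pub     # the value that reaches the client
    try:
        cli_pub, cli_key = client_connect(offered, pin)
    except ValueError:
        return "rejected"
    if cli_key == session_key(srv_priv, cli_pub):
        return "server"
    if cli_key == session_key(mid_priv, cli_pub):
        return "middle"
    return "nobody"

if __name__ == "__main__":
    for interposed in (False, True):
        for pinned in (False, True):
            print(f"interposed={interposed} pinned={pinned} ->", run(interposed, pinned))
```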