Date: Tue, 09 Mar 2010 22:16:12 -0800
From: perryh@pluto.rain.com
To: Olivier.Nicole@cs.ait.ac.th
Cc: freebsd-questions@freebsd.org
Subject: Re: [OT] ssh security

Olivier Nicole wrote:

> > What happened to Diffie-Hellman?  Last I heard, its whole
> > point was to enable secure communication, protected from both
> > eavesdropping and MIM attacks, between systems having no prior
> > trust relationship (e.g. any sort of pre-shared secret) ...
>
> I am not expert in cryptography ...

Nor am I

> but logic tends to tell me that if I have no prior knowledge about
> the person I am about to talk to, anybody (MIM) could pretend to
> be that person.
>
> The pre-shared information need not to be secret ... but there is
> need for pre-shared trusted information.

Er, if the pre-shared information is not secret, how can I be sure
that the person presenting it is in fact my intended correspondent
and not a MIM?  My impression is that Diffie-Hellman (somehow)
solves this sort of problem.
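
The question debated above, as an added example that is not part of the original message: a toy Diffie-Hellman exchange in which a party in the middle substitutes its own public value, run once with no check and once with the client comparing against a public, non-secret fingerprint it obtained in advance. The 127-bit prime, the function names and the use of the server's long-term key directly as its DH value are assumptions made for brevity; SSH instead has the server sign the exchange with its host key, whose fingerprint the client checks.

```python
import hashlib
import secrets

# Toy group for illustration only: a 127-bit prime is far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    """Session key each end derives from its private value and the peer's public one."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).hexdigest()

def fingerprint(pub):
    """Public, non-secret digest of a public value (what the client learns in advance)."""
    return hashlib.sha256(b"fp:" + pub.to_bytes(16, "big")).hexdigest()

def exchange(server, pinned=None, interposer=False):
    """One client/server exchange; `pinned` is the fingerprint the client already trusts."""
    s_priv, s_pub = server
    c_priv, c_pub = keypair()
    m_priv, m_pub = keypair()          # party sitting between client and server
    seen_by_client = m_pub if interposer else s_pub
    seen_by_server = m_pub if interposer else c_pub
    if pinned is not None and fingerprint(seen_by_client) != pinned:
        return {"accepted": False, "keys_match": False, "intercepted": False}
    client_key = shared_key(c_priv, seen_by_client)
    server_key = shared_key(s_priv, seen_by_server)
    return {
        "accepted": True,
        "keys_match": client_key == server_key,
        # True when the middle party can derive the key the client is using.
        "intercepted": interposer and shared_key(m_priv, c_pub) == client_key,
    }

if __name__ == "__main__":
    server = keypair()
    pinned = fingerprint(server[1])    # obtained out of band, not over this channel
    print("no check, no interposer:", exchange(server))
    print("no check, interposer:   ", exchange(server, interposer=True))
    print("pinned, interposer:     ", exchange(server, pinned, interposer=True))
    print("pinned, no interposer:  ", exchange(server, pinned))
```

The fingerprint can be published openly: what matters is that the client received it over a path the middle party could not alter, and that only the real server holds the matching private value.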