From: Erik Norgaard
Date: Wed, 10 Mar 2010 08:33:09 +0100
To: freebsd-questions@freebsd.org
Subject: Re: [OT] ssh security
Message-ID: <4B974B35.2010900@locolomo.org>
In-Reply-To: <4b97392c.O1yEWWCVzta4T7fL%perryh@pluto.rain.com>

On 10/03/10 07:16, perryh@pluto.rain.com wrote:

>> but logic tends to tell me that if I have no prior knowledge about
>> the person I am about to talk to, anybody (MIM) could pretend to
>> be that person.

True. Cryptography by itself does not solve the identity problem.

>> The pre-shared information need not be secret ... but there is
>> need for pre-shared trusted information.
>
> Er, if the pre-shared information is not secret, how can I be sure
> that the person presenting it is in fact my intended correspondent
> and not a MIM? My impression is that Diffie-Hellman (somehow) solves
> this sort of problem.

The pre-shared information, in this case the key fingerprint, is a fingerprint of the public key; without this, you cannot produce the fingerprint.

Yes, the fingerprint is calculated from the public key, which is .. er .. public, but that's not a problem since anything encrypted with the public key can only be decrypted by the owner of the private key.

In the session setup, public keys are exchanged; on the basis of this key you calculate the fingerprint and compare it with the one you have stored. If they do not match, the connection is closed.

So, the MIM attack must be launched the very first time a user connects. This is where the user trusts the identity of the owner of the private key. The known_hosts file is only kept so you don't have to verify and trust the key every time.

If you worry about that kind of attack, then you should provide a method for verifying the fingerprint through a different channel, say users call support and have them read out the fingerprint, publish it on some separate server, or pre-install it on their computer when the account is created.

Diffie-Hellman does not solve this problem. DH is a protocol for agreeing on a shared secret in public, but it does not solve the identity problem.

BR, Erik

-- 
Erik Nørgaard
Ph: +34.666334818/+34.915211157
http://www.locolomo.org
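The check Erik describes (compute the fingerprint of the key the server presents, compare it with the stored one, close the connection on mismatch, and fall back to out-of-band verification on the very first connection) can be spelled out in a few dozen lines. The following is an added example written for this archive page, not code from the thread or from OpenSSH. It builds an ssh-ed25519 public key blob from constructed key bytes, computes the same SHA256 and MD5 fingerprint formats OpenSSH prints, parses a plain (unhashed) known_hosts line, and classifies a presented key as new, matching, or mismatching. The host name `host.example` and the 32 key bytes are constructed for the example; a real client would obtain the blob from the key exchange.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 big-endian length + payload."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_blob(raw_key: bytes) -> bytes:
    """Build an ssh-ed25519 public key blob (type string followed by the 32 raw key bytes)."""
    if len(raw_key) != 32:
        raise ValueError("ed25519 public keys are exactly 32 bytes")
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + base64 of the SHA-256 digest, '=' padding stripped."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def fingerprint_md5(blob: bytes) -> str:
    """Legacy OpenSSH fingerprint: 'MD5:' + colon-separated hex of the MD5 digest."""
    hexdigest = hashlib.md5(blob).hexdigest()
    return "MD5:" + ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def parse_known_hosts(text: str) -> dict:
    """Map each host name in plain known_hosts lines to its (key type, decoded blob)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hosts, keytype, b64 = line.split()[:3]
        blob = base64.b64decode(b64)
        for host in hosts.split(","):
            entries[host] = (keytype, blob)
    return entries


def check_host_key(known: dict, host: str, keytype: str, presented: bytes) -> str:
    """Classify the presented key against known_hosts.

    'new'      -> no stored key: first connection, verify the fingerprint out of band
    'match'    -> stored key identical: proceed
    'mismatch' -> stored key differs: close the connection (possible man-in-the-middle)
    """
    entry = known.get(host)
    if entry is None:
        return "new"
    known_type, known_blob = entry
    if known_type == keytype and hmac.compare_digest(known_blob, presented):
        return "match"
    return "mismatch"


def verify_out_of_band(presented: bytes, trusted_fingerprint: str) -> bool:
    """First-connection check: does the presented key's fingerprint equal the one obtained
    through a separate channel (support desk, separate server, pre-installed file)?"""
    computed = fingerprint_sha256(presented)
    return hmac.compare_digest(computed.encode(), trusted_fingerprint.strip().encode())


# Constructed sample data (not a real server key): 32 deterministic key bytes.
GENUINE_KEY = bytes(range(32))
GENUINE_BLOB = make_ed25519_blob(GENUINE_KEY)

# A second key differing in one byte, standing in for a key an impostor would present.
OTHER_BLOB = make_ed25519_blob(bytes([0xFF]) + GENUINE_KEY[1:])

# Constructed known_hosts content recording the genuine key for host.example.
KNOWN_HOSTS_TEXT = "host.example ssh-ed25519 " + base64.b64encode(GENUINE_BLOB).decode("ascii")
KNOWN = parse_known_hosts(KNOWN_HOSTS_TEXT)


if __name__ == "__main__":
    print("genuine:", fingerprint_sha256(GENUINE_BLOB), fingerprint_md5(GENUINE_BLOB))
    print("stored key, same key presented :", check_host_key(KNOWN, "host.example", "ssh-ed25519", GENUINE_BLOB))
    print("stored key, other key presented:", check_host_key(KNOWN, "host.example", "ssh-ed25519", OTHER_BLOB))
    print("unknown host                   :", check_host_key(KNOWN, "new.example", "ssh-ed25519", GENUINE_BLOB))
    # On 'new', the fingerprint read out over a separate channel decides whether to trust the key.
    print("out-of-band check, genuine     :", verify_out_of_band(GENUINE_BLOB, fingerprint_sha256(GENUINE_BLOB)))
    print("out-of-band check, other key   :", verify_out_of_band(OTHER_BLOB, fingerprint_sha256(GENUINE_BLOB)))
```

The point the example makes concrete is the one in the reply: the fingerprint is derived from public data, so publishing it costs nothing, yet the client can only reach the `match` branch if the server proves possession of the matching private key during key exchange; the fingerprint comparison closes the gap that Diffie-Hellman alone leaves open, namely which party you are agreeing a secret with. Hashed known_hosts lines (`|1|...`) and `@cert-authority` or `@revoked` markers are outside this example.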