Date: Tue, 5 Jun 2001 13:49:58 -0400 (EDT) From: Alex <alex@bsdfreak.org> To: Alex Holst <a@area51.dk> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd) Message-ID: <Pine.BSF.4.32.0106051348470.20750-100000@magnetar.blackhatnetworks.com> In-Reply-To: <20010605194514.B98233@area51.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
> Quoting Crist Clark (crist.clark@globalstar.com): > > You cannot 'record passphrases.' RSA authentication uses public key > > cryptography. > > Exactly. However, consider the three machines in the scenario below: > > workstation ---> compromised middle machine ---> server > > I have been thinking about the least risk approach. If the middle machine > has ssh and sshd trojaned to various degrees, would one not benefit from > using authentication forwarding rather than typing one's passphrase to the > ssh client on the compromised machine? This is a perfect scenario for the attack to perform a man-in-the-middle attack, passive SSH analysis, or a brute force attempt at the cryptographic integrity of the connection. -Alex > > If one does lose his passphrase and the trojaned ssh captured the response > it still wouldn't do an intruder much good, would it? > > -- > I prefer the dark of the night, after midnight and before four-thirty, > when it's more bare, more hollow. http://a.area51.dk/ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.32.0106051348470.20750-100000>