Date: Tue, 09 Mar 2010 00:31:03 -0800
From: perryh@pluto.rain.com
To: lalev.angelin@gmail.com
Cc: freebsd-questions@freebsd.org
Subject: Re: [OT] ssh security
Message-ID: <4b960747.T7FO5AkwXJGAGApg%perryh@pluto.rain.com>
In-Reply-To: <532b03711003071325j9ab3c98u703b31abdc7ea8fe@mail.gmail.com>
References: <532b03711003071325j9ab3c98u703b31abdc7ea8fe@mail.gmail.com>
Angelin Lalev <lalev.angelin@gmail.com> wrote:

> So, SSH uses algorithms like ssh-dss or ssh-rsa to do key exchange.
> These algorithms can defeat any attempts on eavesdropping, but cannot
> defeat man-in-the-middle attacks. To defeat them, some pre-shared
> information is needed - key fingerprint.

What happened to Diffie-Hellman? Last I heard, its whole point was to enable secure communication, protected from both eavesdropping and MIM attacks, between systems having no prior trust relationship (e.g. any sort of pre-shared secret).

What stops the server and client from establishing a Diffie-Hellman session and using it to perform the key exchange?
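Added example, not part of the original message or thread: a toy Python model of the exchange being asked about, comparing a Diffie-Hellman exchange with no authentication against one where the server signs the exchanged public values with a host key whose fingerprint the client already holds. All names, the tiny RSA keys and the private exponents are constructed for illustration, and the signed transcript is a simplified stand-in for SSH's exchange hash.

```python
import hashlib

# Toy parameters constructed for this example; far too small for real use.
P, G, E = 2**127 - 1, 3, 65537   # DH modulus (a Mersenne prime), base, RSA exponent

def make_key(p, q):
    """Toy RSA key pair from two primes: returns ((n, e), d)."""
    return (p * q, E), pow(E, -1, (p - 1) * (q - 1))

HOST_PUB, HOST_PRIV = make_key(2**31 - 1, 2**61 - 1)     # the real server's host key
ROGUE_PUB, ROGUE_PRIV = make_key(2**17 - 1, 2**89 - 1)   # a key the relay generated

def digest(*vals):
    """SHA-256 over public values, returned as an integer."""
    return int.from_bytes(hashlib.sha256(repr(vals).encode()).digest(), "big")

PINNED = digest(*HOST_PUB)       # fingerprint the client obtained out of band

def sign(transcript, pub, priv):
    return pow(transcript % pub[0], priv, pub[0])

def client_accepts(transcript, sig, pub):
    """Accept only the pinned key, and only if it signed the client's own view."""
    return digest(*pub) == PINNED and pow(sig, pub[1], pub[0]) == transcript % pub[0]

def run(intercepted, relay_uses_own_key=False):
    a, b, m = 0x1234567, 0x89ABCDE, 0x5151515   # constructed private exponents
    A, B, M = pow(G, a, P), pow(G, b, P), pow(G, m, P)
    # A relay in the path replaces each side's public value with its own.
    to_client, to_server = (M, M) if intercepted else (B, A)
    k_client, k_server = pow(to_client, a, P), pow(to_server, b, P)
    # The server signs the public values it saw; the relay can forward that ...
    pub, sig = HOST_PUB, sign(digest(to_server, B), HOST_PUB, HOST_PRIV)
    if relay_uses_own_key:                      # ... or re-sign with its own key
        pub, sig = ROGUE_PUB, sign(digest(A, M), ROGUE_PUB, ROGUE_PRIV)
    return {
        "keys_match": k_client == k_server,     # DH alone raises no error either way
        "relay_has_both_keys": intercepted
            and (pow(A, m, P), pow(B, m, P)) == (k_client, k_server),
        "client_accepts": client_accepts(digest(A, to_client), sig, pub),
    }

if __name__ == "__main__":
    for args in [(False,), (True,), (True, True)]:
        print(args, run(*args))
```

In the intercepted runs the Diffie-Hellman arithmetic completes normally on both ends; only the comparison against the pinned host key, and the signature over the values the client itself saw, makes the client reject the session.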