Date: Tue, 9 Mar 2010 16:38:56 -0800 From: Liontaur <liontaur@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: [OT] ssh security Message-ID: <b121fe571003091638n13d531e9g4a0875eb6ccb8191@mail.gmail.com> In-Reply-To: <201003090848.o298mBSN079005@banyan.cs.ait.ac.th> References: <532b03711003071325j9ab3c98u703b31abdc7ea8fe@mail.gmail.com> <4b960747.T7FO5AkwXJGAGApg%perryh@pluto.rain.com> <201003090848.o298mBSN079005@banyan.cs.ait.ac.th>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 9, 2010 at 12:48 AM, Olivier Nicole <Olivier.Nicole@cs.ait.ac.th > wrote: > > What happened to Diffie-Hellman? Last I heard, its whole point was > > to enable secure communication, protected from both eavesdropping > > and MIM attacks, between systems having no prior trust relationship > > (e.g. any sort of pre-shared secret). What stops the server and > > client from establishing a Diffie-Hellman session and using it to > > perform the key exchange? > > I am not expert in cryptography, but logic tends to tell me that is I > have no prior knowledge about the person I am about to talk to, > anybody (MIM) could pretend to be that person. > > The pre-shared information need not to be secret (key fingerprints are > not secret), but there is need for pre-shared trusted information. > But to some extent, we setup and configure these machines ourselves. So when we're adding users could we not have an additional field with something like a phrase/answer or something else like that? Obviously it could be completely optional but it would be kind of neat and probably not too difficult to implement. Mark
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b121fe571003091638n13d531e9g4a0875eb6ccb8191>