Date:      Wed, 10 Mar 2010 08:33:09 +0100
From:      Erik Norgaard <norgaard@locolomo.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: [OT] ssh security
Message-ID:  <4B974B35.2010900@locolomo.org>
In-Reply-To: <4b97392c.O1yEWWCVzta4T7fL%perryh@pluto.rain.com>
References:  <532b03711003071325j9ab3c98u703b31abdc7ea8fe@mail.gmail.com>	<4b960747.T7FO5AkwXJGAGApg%perryh@pluto.rain.com>	<201003090848.o298mBSN079005@banyan.cs.ait.ac.th> <4b97392c.O1yEWWCVzta4T7fL%perryh@pluto.rain.com>

On 10/03/10 07:16, perryh@pluto.rain.com wrote:

>> but logic tends to tell me that if I have no prior knowledge about
>> the person I am about to talk to, anybody (MIM) could pretend to
>> be that person.

True. Cryptography by itself does not solve the identity problem.

>> The pre-shared information need not be secret ... but there is
>> a need for pre-shared trusted information.
>
> Er, if the pre-shared information is not secret, how can I be sure
> that the person presenting it is in fact my intended correspondent
> and not a MIM?  My impression is that Diffie-Hellman (somehow) solves
> this sort of problem.

The pre-shared information, in this case the key fingerprint, is a 
fingerprint of the public key; without this, you cannot produce the 
fingerprint.

Yes, the fingerprint is calculated from the public key, which is .. er 
.. public, but that's not a problem since anything encrypted with the 
public key can only be decrypted by the owner of the private key.

In the session setup public keys are exchanged; on the basis of this key 
you calculate the fingerprint and compare it with the one you have stored. 
If they do not match, the connection is closed.

So, the MIM attack must be launched the very first time a user connects. 
This is where the user trusts the identity of the owner of the private 
key. The known_hosts file is only kept so you don't have to verify and 
trust the key every time.

If you worry about that kind of attack, then you should provide a method 
for verifying the fingerprint through a different channel, say users 
call support and have them read out the fingerprint, publish it on some 
separate server, or pre-install it on their computer when the account is 
created.

Diffie-Hellman does not solve this problem. DH is a protocol for 
agreeing on a shared secret in public, but it does not solve the 
identity problem.

BR, Erik
-- 
Erik Nørgaard
Ph: +34.666334818/+34.915211157                  http://www.locolomo.org
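The fingerprint comparison and known_hosts lookup described in the message above, as an added example in Python that is not part of the original post or of OpenSSH's own code. It encodes an ssh-ed25519 public key the way OpenSSH does, derives the modern SHA256 fingerprint and the legacy colon-hex MD5 fingerprint (the format in use when this was written), and checks the key a server presents against a known_hosts file, including the hashed host entries that ssh-keygen -H writes. A stored entry that differs from the presented key is reported as a mismatch, which is the point at which the client closes the connection; a host with no entry at all is the first-contact case where the user has to verify the fingerprint out of band. All host names, keys and known_hosts content are constructed sample values.

```python
import base64
import hashlib
import hmac
import struct

# Added example, not code from the original post or from OpenSSH.
# Every key and host below is a constructed sample value.


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ed25519_pubkey_line(raw_pubkey: bytes, comment: str) -> str:
    """Build an 'ssh-ed25519 AAAA... comment' line from a 32-byte raw public key."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_pubkey)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def parse_pubkey_line(line: str) -> tuple:
    """Return (key type, decoded blob); reject a blob whose embedded type disagrees."""
    keytype, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    (tlen,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + tlen] != keytype.encode():
        raise ValueError("key type field does not match blob")
    return keytype, blob


def fingerprint_sha256(blob: bytes) -> str:
    """Modern OpenSSH fingerprint: SHA-256 of the key blob, base64 with padding stripped."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def fingerprint_md5(blob: bytes) -> str:
    """Legacy OpenSSH fingerprint: MD5 of the key blob as colon-separated hex."""
    hexdigest = hashlib.md5(blob).hexdigest()
    return "MD5:" + ":".join(hexdigest[i:i + 2] for i in range(0, 32, 2))


def hashed_host_field(hostname: str, salt: bytes) -> str:
    """known_hosts host field as written by 'ssh-keygen -H': |1|salt|HMAC-SHA1(salt, host)."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def host_matches(field: str, hostname: str) -> bool:
    """Match a known_hosts host field (plain, comma-separated or hashed) against hostname."""
    if field.startswith("|1|"):
        _, _, b64salt, b64mac = field.split("|")
        salt = base64.b64decode(b64salt)
        actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(base64.b64decode(b64mac), actual)
    return hostname in field.split(",")


def verify_host_key(known_hosts: str, hostname: str, presented_line: str) -> str:
    """
    The check the post describes: compare the key the server presents with the one
    stored for this host. Returns 'ok', 'MISMATCH' (client must close the connection)
    or 'unknown' (first contact: the fingerprint must be verified out of band).
    """
    keytype, presented = parse_pubkey_line(presented_line)
    for raw in known_hosts.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3 or fields[1] != keytype:
            continue
        if not host_matches(fields[0], hostname):
            continue
        stored = base64.b64decode(fields[2])
        return "ok" if hmac.compare_digest(stored, presented) else "MISMATCH"
    return "unknown"


# Constructed sample keys: the server's genuine key and the key a MIM would present.
GENUINE_KEY = ed25519_pubkey_line(bytes(range(32)), "root@bastion")
ATTACKER_KEY = ed25519_pubkey_line(bytes(range(32, 64)), "root@bastion")

# Constructed known_hosts: a plain entry and a hashed entry for the same genuine key.
_GENUINE_ENTRY = " ".join(GENUINE_KEY.split()[:2])
KNOWN_HOSTS = "\n".join([
    "# constructed sample known_hosts",
    "bastion.example.org,203.0.113.7 " + _GENUINE_ENTRY,
    hashed_host_field("10.0.0.5", b"0123456789abcdef0123") + " " + _GENUINE_ENTRY,
])

if __name__ == "__main__":
    _, blob = parse_pubkey_line(GENUINE_KEY)
    print("fingerprint to publish out of band:", fingerprint_sha256(blob), fingerprint_md5(blob))
    for host, key in [("bastion.example.org", GENUINE_KEY), ("bastion.example.org", ATTACKER_KEY),
                      ("10.0.0.5", GENUINE_KEY), ("new.example.org", GENUINE_KEY)]:
        print(host, verify_host_key(KNOWN_HOSTS, host, key))
```

The fingerprint is computed over the whole encoded key blob, exactly the data the server sends during key exchange, so the value printed here is the one a user would read back to support or look up on the separate server the message suggests. Note that the comparison uses the full stored key, not just the fingerprint: the fingerprint is for the human, the client compares bytes.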


