Date: Wed, 10 Mar 2010 17:59:41 +0700 (ICT)
From: Olivier Nicole <Olivier.Nicole@cs.ait.ac.th>
To: perryh@pluto.rain.com
Cc: freebsd-questions@freebsd.org
Subject: Re: [OT] ssh security
Message-ID: <201003101059.o2AAxfns092895@banyan.cs.ait.ac.th>
In-Reply-To: <4b97392c.O1yEWWCVzta4T7fL%perryh@pluto.rain.com>
References: <532b03711003071325j9ab3c98u703b31abdc7ea8fe@mail.gmail.com>
    <4b960747.T7FO5AkwXJGAGApg%perryh@pluto.rain.com>
    <201003090848.o298mBSN079005@banyan.cs.ait.ac.th>
    <4b97392c.O1yEWWCVzta4T7fL%perryh@pluto.rain.com>
Hi,

> > The pre-shared information need not to be secret ... but there is
> > need for pre-shared trusted information.

> Er, if the pre-shared information is not secret, how can I be sure
> that the person presenting it is in fact my intended correspondent
> and not a MIM?

That is why I wrote "trusted", I don't assume how this is trusted, but
I need to trust it.

If I am 100% sure the fingerprint comes from the right guy, I can
easily test that the fingerprint corresponds to the intended public
key, so that the public key effectively belongs to the right guy, and
encrypting with that public key, only the right guy with his private key
will be able to read my message.

Now Diffie-Hellman may help providing the trust for the fingerprint.

Bests,

Olivier
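The check described in the message above (a fingerprint received over a trusted channel is compared with the public key actually presented), as an added example that is not part of the original e-mail. It assumes OpenSSH's one-line public key format; the key is constructed test data and all function names are hypothetical.

```python
import base64, hashlib, hmac, struct

def key_blob(line):
    """Decode the key blob from an OpenSSH '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed algorithm name. It must agree
    # with the type written in front of it, otherwise the line was altered.
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return blob

def fingerprint(line, algo="sha256"):
    """Fingerprint in the textual forms printed by ssh-keygen -l."""
    blob = key_blob(line)
    if algo == "sha256":
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    if algo == "md5":  # legacy colon-separated hex form
        hexd = hashlib.md5(blob).hexdigest()
        return "MD5:" + ":".join(hexd[i:i + 2] for i in range(0, 32, 2))
    raise ValueError("unsupported algorithm")

def key_matches(line, trusted_fp):
    """True only if the presented key hashes to the trusted fingerprint."""
    algo = "md5" if trusted_fp.startswith("MD5:") else "sha256"
    return hmac.compare_digest(fingerprint(line, algo), trusted_fp)

def constructed_key(seed):
    """Build a syntactically valid ssh-ed25519 line from dummy bytes (not a real key)."""
    body = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + body
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    presented = constructed_key(0)
    trusted = fingerprint(presented)   # stands in for the value obtained out of band
    print(trusted, key_matches(presented, trusted))
    print(key_matches(constructed_key(1), trusted))  # a substituted key is rejected
```

The comparison only proves that the key matches the fingerprint; whether the fingerprint itself came from the intended correspondent still rests on the trusted channel the message refers to.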