[OT] ssh security
Liontaur
liontaur at gmail.com
Wed Mar 10 00:38:58 UTC 2010
On Tue, Mar 9, 2010 at 12:48 AM, Olivier Nicole <Olivier.Nicole at cs.ait.ac.th
> wrote:
> > What happened to Diffie-Hellman? Last I heard, its whole point was
> > to enable secure communication, protected from both eavesdropping
> > and MIM attacks, between systems having no prior trust relationship
> > (e.g. any sort of pre-shared secret). What stops the server and
> > client from establishing a Diffie-Hellman session and using it to
> > perform the key exchange?
>
> I am not expert in cryptography, but logic tends to tell me that is I
> have no prior knowledge about the person I am about to talk to,
> anybody (MIM) could pretend to be that person.
>
> The pre-shared information need not to be secret (key fingerprints are
> not secret), but there is need for pre-shared trusted information.
>
But to some extent, we setup and configure these machines ourselves. So when
we're adding users could we not have an additional field with something like
a phrase/answer or something else like that? Obviously it could be
completely optional but it would be kind of neat and probably not too
difficult to implement.
Mark
More information about the freebsd-questions
mailing list