Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...
RW
rwmaillists at googlemail.com
Mon Jun 25 21:38:20 UTC 2012
On Mon, 25 Jun 2012 18:09:14 +0200
Dag-Erling Smørgrav wrote:
> RW <rwmaillists at googlemail.com> writes:
> > Dag-Erling Smørgrav <des at des.no> writes:
> > > You do know that these keys are used only for authentication, and
> > > not for encryption, right?
> > I'm not very familiar with ssh, but surely they're also used for
> > session-key exchange, which makes them crucial to encryption. They
> > should be as secure as the strongest symmetric cipher they need to
> > work with.
>
> No. They are used for authentication only. This is crypto 101.
It also generates a shared secret for key exchange, which is pretty
much what I said.
> Having a copy of the host key allows you to do one thing and one thing
> only: impersonate the server. It does not allow you to eavesdrop on
> an already-established connection.
It enables you to eavesdrop on new connections, and eavesdroppers
are often in a position to force reconnection on old ones.
> If the server is set up to require key-based user authentication, an
> attacker would also have to obtain the user's key to mount an
> effective man-in-the-middle attack.
If an attacker is only interested in a specific client, it may not be
any harder to break the second public key than the first one.
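The exchange the two messages argue about, as an added example that is not part of the freebsd-security thread or of anyone's post in it: a toy model of the SSH ECDH key exchange (the structure of the ecdh-sha2-* methods with an ECDSA host key, RFC 5656), in Python using only the standard library. It uses secp256k1 rather than nistp256 and a simplified exchange hash that omits the version strings and KEXINIT payloads; those, and every function and class name, are assumptions of this example. It shows the three situations the messages touch on: an honest exchange ends with both sides holding the same K; an impostor who knows only the public host key (as every past client does) cannot produce a signature the client accepts; an attacker holding a copy of the private host key can sit in a new connection, sign an exchange hash of his own toward the client, run a separate exchange with the real server, and end up holding both session secrets. The host key only signs H; it never enters the ephemeral ECDH computation, which is why the same attacker gains nothing from a recorded exchange he was not in the middle of.

```python
"""Toy SSH-style ECDH key exchange signed by a long-term ECDSA host key.
Example code, not from the thread. Assumptions: secp256k1 instead of
nistp256, simplified exchange hash, Python >= 3.8 (pow(x, -1, m))."""
import hashlib
import secrets

# secp256k1 domain parameters: field prime P, group order N, base point G
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):
    """Point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    if A[0] == B[0] and (A[1] + B[1]) % P == 0:
        return None                      # A + (-A)
    if A == B:
        lam = 3 * A[0] * A[0] * pow(2 * A[1], -1, P) % P
    else:
        lam = (B[1] - A[1]) * pow(B[0] - A[0], -1, P) % P
    x = (lam * lam - A[0] - B[0]) % P
    return x, (lam * (A[0] - x) - A[1]) % P

def ec_mul(k, Pt):
    """Double-and-add scalar multiplication (toy: not constant-time)."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, Pt)
        Pt = ec_add(Pt, Pt)
        k >>= 1
    return R

def ecdsa_sign(d, msg):
    """Plain ECDSA over SHA-256(msg) with a fresh random nonce k per signature."""
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = ec_mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * d) % N
        if r and s:
            return r, s

def ecdsa_verify(Q, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    w = pow(s, -1, N)
    R = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, Q))
    return R is not None and R[0] % N == r

def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, ec_mul(d, G)

def exchange_hash(K_S, Q_C, Q_S, K):
    """Simplified H = SHA-256(K_S || Q_C || Q_S || K). The real H (RFC 5656
    section 4) also covers the version strings and KEXINIT payloads."""
    enc = lambda pt: pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
    return hashlib.sha256(enc(K_S) + enc(Q_C) + enc(Q_S) + K.to_bytes(32, "big")).digest()

class Server:
    def __init__(self, host_priv, host_pub):
        self.host_priv, self.host_pub, self.K = host_priv, host_pub, None
    def __call__(self, Q_C):
        """KEX_ECDH_REPLY: fresh ephemeral key per connection, H signed by the host key."""
        d_S, Q_S = keygen()
        self.K = ec_mul(d_S, Q_C)[0]          # the host key plays no part in K
        H = exchange_hash(self.host_pub, Q_C, Q_S, self.K)
        return Q_S, self.host_pub, ecdsa_sign(self.host_priv, H)

def client_connect(known_host_pub, peer):
    """KEX_ECDH_INIT toward whoever answers on the wire; returns K or raises."""
    d_C, Q_C = keygen()
    Q_S, K_S, sig = peer(Q_C)
    K = ec_mul(d_C, Q_S)[0]
    if K_S != known_host_pub:
        raise ValueError("host key does not match known_hosts")
    if not ecdsa_verify(K_S, exchange_hash(K_S, Q_C, Q_S, K), sig):
        raise ValueError("host key signature does not verify")
    return K

class Mitm:
    """Attacker holding a copy of the private host key, inserted into a NEW connection."""
    def __init__(self, stolen_priv, real_server):
        self.priv, self.server, self.K_client, self.K_server = stolen_priv, real_server, None, None
    def __call__(self, Q_C):
        d_M, Q_M = keygen()
        self.K_client = ec_mul(d_M, Q_C)[0]   # secret shared with the victim client
        H = exchange_hash(self.server.host_pub, Q_C, Q_M, self.K_client)
        self.K_server = client_connect(self.server.host_pub, self.server)  # own leg to the server
        return Q_M, self.server.host_pub, ecdsa_sign(self.priv, H)  # verifies at the client

def honest_exchange_agrees():
    server = Server(*keygen())
    return client_connect(server.host_pub, server) == server.K

def impostor_without_host_key_is_rejected():
    """Knowing only the public host key is not enough to impersonate the server."""
    _, pub = keygen()
    try:
        client_connect(pub, Server(keygen()[0], pub))  # presents pub, signs with another key
    except ValueError:
        return True
    return False

def mitm_with_stolen_host_key_succeeds():
    """Client accepts; attacker holds both secrets; the two endpoints hold different K."""
    server = Server(*keygen())
    mitm = Mitm(server.host_priv, server)
    K = client_connect(server.host_pub, mitm)
    return K == mitm.K_client and mitm.K_server == server.K and K != server.K
```

The `Mitm` class is the case RW raises: a copy of the host key turns any attacker who can get between client and server on a fresh connection into a transparent relay that decrypts both legs. What the model also makes visible is the limit DES points to: the recorded transcript of an exchange consists of `Q_C`, `Q_S`, `K_S` and a signature, and `K` depends only on the two ephemeral scalars, which the host key holder never sees, so a past session stays opaque to him unless he was relaying it at the time. Public-key user authentication (the third quoted point) is not modelled; it would add a second signature that the relay cannot forge without the user's key.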