[OT] ssh security

Olivier Nicole Olivier.Nicole at cs.ait.ac.th
Tue Mar 9 08:48:17 UTC 2010

> What happened to Diffie-Hellman?  Last I heard, its whole point was
> to enable secure communication, protected from both eavesdropping
> and MIM attacks, between systems having no prior trust relationship
> (e.g. any sort of pre-shared secret).  What stops the server and
> client from establishing a Diffie-Hellman session and using it to
> perform the key exchange?

I am not expert in cryptography, but logic tends to tell me that is I
have no prior knowledge about the person I am about to talk to,
anybody (MIM) could pretend to be that person.

The pre-shared information need not to be secret (key fingerprints are
not secret), but there is need for pre-shared trusted information.



More information about the freebsd-questions mailing list