[OT] ssh security

Olivier Nicole Olivier.Nicole at cs.ait.ac.th
Wed Mar 10 10:59:48 UTC 2010


> > The pre-shared information need not to be secret ... but there is
> > need for pre-shared trusted information.
> Er, if the pre-shared information is not secret, how can I be sure
> that the person presenting it is in fact my intended correspondent
> and not a MIM?

That is why I wrote "trusted", I don't assume how this is trusted, but
I need to trust it.

If I am 100% sure the fingerprint comes from the right guy, I can
easily test that the fingerprint corresponds to the intended public
key, so that the publick key effectively belongs to the right guy, and
crypting with that public key, only the right guy with his provate key
will be able to read my message.

Now Diffie-Hellman may help providing the trust for the fingerprint.



More information about the freebsd-questions mailing list