Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: How to decrypt a connection SSH v2?

From: "Paul Melson" <pmelson () gmail com>
Date: Thu, 10 Jul 2008 12:55:42 -0400
I assume if the attacker has the public and private keys from not just
one, but both ends, that PFS is not an obstacle.


Let's start with, Disclaimer: I am not a cryptographer.  Someone smarter may
later contradict what I say here.  You're probably wise to listen to them.

It's my understanding that even if you have both endpoints' public and
private key pairs, that's not enough to recreate the ephemeral keys used
during a particular session.  Without those keys, the packet capture cannot
be decrypted.  

I believe the bar you must get over to decrypt an SSH session on the network
is to be attached to the client or server process with a debugger during the
session.

PaulM




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: