Penetration Testing mailing list archives
Re: How to decrypt a connection SSH v2?
From: Tim <tim-pentest () sentinelchicken org>
Date: Thu, 10 Jul 2008 14:17:39 -0700
- From your wikipedia reference: "In an authenticated key-agreement protocol that uses public key cryptography, perfect forward secrecy (or PFS) is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future." I assume if the attacker has the public and private keys from not just one, but both ends, that PFS is not an obstacle.
No, actually I don't think that's the case, though it could depend on the protocol specifics. An after-the-fact offline attack normally wouldn't be possible without some knowledge of the session key, or of just one (out of two) of the DH secrets computed, but none of these are ever sent over the wire. The DH exchange doesn't have to depend on the main secret keys at all. Once again, a real-time attack is certainly doable by simply faking the exchange with either or both ends as they set up the session key. HTH, tim ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- How to decrypt a connection SSH v2? Ulises2k (Jul 09)
- Re: How to decrypt a connection SSH v2? Paul Melson (Jul 09)
- Re: How to decrypt a connection SSH v2? Ulises2k (Jul 10)
- Re: How to decrypt a connection SSH v2? Tim (Jul 10)
- Re: How to decrypt a connection SSH v2? Jimmy Brokaw (Jul 12)
- Re: How to decrypt a connection SSH v2? Ulises2k (Jul 10)
- Re: How to decrypt a connection SSH v2? Gary E. Miller (Jul 10)
- RE: How to decrypt a connection SSH v2? Paul Melson (Jul 10)
- RE: How to decrypt a connection SSH v2? Gary E. Miller (Jul 10)
- Re: How to decrypt a connection SSH v2? Ulises2k (Jul 10)
- Re: How to decrypt a connection SSH v2? Paul Melson (Jul 09)
- Re: How to decrypt a connection SSH v2? Tim (Jul 10)
- <Possible follow-ups>
- RE: How to decrypt a connection SSH v2? Gary E. Miller (Jul 10)
- Message not available
- Re: How to decrypt a connection SSH v2? Ulises2k (Jul 13)
- Message not available