Penetration Testing mailing list archives
Re: How to decrypt a connection SSH v2?
From: Tim <tim-pentest () sentinelchicken org>
Date: Thu, 10 Jul 2008 14:13:31 -0700
But I have all session sniffed.(tcpdump) No only private and public keys. Can I decrypt the session?
I'm not familiar with the specifics of SSH's session key negotiation, but if Paul is right and something like diffie-hellman key exchange is used, then even with a full session capture and private keys, you still don't have a way of getting past that DH key exchange in an offline attack (in your lifetime, probably). However, if you have one of the private keys and you can conduct a man-in-the-middle attack on the session, you can also man-in-the-middle the DH key exchange in realtime to get what you're after. You just can't do it offline after the fact. For more info, see: http://en.wikipedia.org/wiki/Diffie-Hellman Good luck, tim ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- How to decrypt a connection SSH v2? Ulises2k (Jul 09)
- Re: How to decrypt a connection SSH v2? Paul Melson (Jul 09)
- Re: How to decrypt a connection SSH v2? Ulises2k (Jul 10)
- Re: How to decrypt a connection SSH v2? Tim (Jul 10)
- Re: How to decrypt a connection SSH v2? Jimmy Brokaw (Jul 12)
- Re: How to decrypt a connection SSH v2? Ulises2k (Jul 10)
- Re: How to decrypt a connection SSH v2? Gary E. Miller (Jul 10)
- RE: How to decrypt a connection SSH v2? Paul Melson (Jul 10)
- RE: How to decrypt a connection SSH v2? Gary E. Miller (Jul 10)
- Re: How to decrypt a connection SSH v2? Ulises2k (Jul 10)
- Re: How to decrypt a connection SSH v2? Paul Melson (Jul 09)
- Re: How to decrypt a connection SSH v2? Tim (Jul 10)
- <Possible follow-ups>
- RE: How to decrypt a connection SSH v2? Gary E. Miller (Jul 10)
- Message not available
- Re: How to decrypt a connection SSH v2? Ulises2k (Jul 13)
- Message not available