Penetration Testing mailing list archives

Re: How to decrypt a connection SSH v2?


From: Tim <tim-pentest () sentinelchicken org>
Date: Thu, 10 Jul 2008 14:13:31 -0700

> But I have all session sniffed (tcpdump).
> No only private and public keys.
> Can I decrypt the session?

I'm not familiar with the specifics of SSH's session key negotiation,
but if Paul is right and something like Diffie-Hellman key exchange is
used, then even with a full session capture and private keys, you still
don't have a way of getting past that DH key exchange in an offline
attack (in your lifetime, probably).

However, if you have one of the private keys and you can conduct a
man-in-the-middle attack on the session, you can also man-in-the-middle
the DH key exchange in realtime to get what you're after.  You just
can't do it offline after the fact.

For more info, see: http://en.wikipedia.org/wiki/Diffie-Hellman

Good luck,
tim
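To make the point above concrete, here is an added toy model of an SSH-style DH handshake. It is example code written for this archive page, not OpenSSH's implementation and not code from the list post. It assumes a small constructed group (P = 2**127 - 1, g = 3, not the MODP groups SSH really negotiates), a textbook RSA host key (61 * 53) and a second toy key standing in for an impostor; the hypothetical functions run_handshake, client_accepts and passive_observer_recover_k are all defined here. It shows the two things Tim says: an offline sniffer holding the capture plus the host's private key still has no way to K (only a discrete log on the wire values), and the client's host-key check, which is what a man-in-the-middle must pass, fails for anyone who signs without the real host private key.

```python
import hashlib
import math
import secrets

# Toy parameters constructed for this example; they are not the MODP groups
# SSH actually negotiates. P is the Mersenne prime 2**127 - 1 with g = 3.
P = (1 << 127) - 1
G = 3

# Toy textbook-RSA host key (the classic 61 * 53 worked example). A real host
# key is 2048+ bits; the roles of e, d and n are the same.
HOST_N, HOST_E, HOST_D = 3233, 17, 2753

# A second toy RSA key that is NOT in the client's known_hosts: what an
# impostor who lacks the real host private key would have to sign with.
IMPOSTOR_N, IMPOSTOR_E = 71 * 67, 17
IMPOSTOR_D = pow(IMPOSTOR_E, -1, (70 * 66) // math.gcd(70, 66))


def dh_keypair():
    """Ephemeral DH share: secret exponent x, public value g^x mod P."""
    x = 2 + secrets.randbelow(P - 3)
    return x, pow(G, x, P)


def exchange_hash(e_pub, f_pub, k):
    """SSH's exchange hash H covers the transcript AND the shared secret K,
    so nobody can even compute H without first knowing K."""
    data = b"|".join(str(v).encode() for v in (e_pub, f_pub, k))
    return hashlib.sha256(data).digest()


def toy_sign(h, d, n):
    return pow(int.from_bytes(h, "big") % n, d, n)


def toy_verify(h, sig, e, n):
    return pow(sig, e, n) == int.from_bytes(h, "big") % n


def run_handshake(sign_d=HOST_D, sign_n=HOST_N):
    """One DH handshake. The server signs H with whatever key it holds.
    Returns (client's K, server's K, what a sniffer on the wire sees)."""
    x, e_pub = dh_keypair()              # client -> server: e = g^x
    y, f_pub = dh_keypair()              # server -> client: f = g^y
    k_server = pow(e_pub, y, P)
    sig = toy_sign(exchange_hash(e_pub, f_pub, k_server), sign_d, sign_n)
    k_client = pow(f_pub, x, P)
    wire = {"e": e_pub, "f": f_pub, "sig": sig}   # x and y never cross the wire
    return k_client, k_server, wire


def client_accepts(wire, k_client, host_e=HOST_E, host_n=HOST_N):
    """Client recomputes H from its own K and checks the signature against
    the host public key it already trusts (known_hosts). This is the check a
    man-in-the-middle without the real host private key cannot pass."""
    h = exchange_hash(wire["e"], wire["f"], k_client)
    return toy_verify(h, wire["sig"], host_e, host_n)


def passive_observer_recover_k(wire, host_d, host_n, budget=100_000):
    """Offline sniffer holding the full capture AND the host private key.
    host_d/host_n are deliberately unused: the key only signs or verifies,
    while K needs x or y, neither of which was sent. The only route left is
    the discrete log g^x = e mod P; `budget` exponents are tried to show the
    search goes nowhere even in this toy-sized group."""
    cur = 1
    for x in range(1, budget):
        cur = cur * G % P
        if cur == wire["e"]:
            return pow(wire["f"], x, P)
    return None


if __name__ == "__main__":
    kc, ks, wire = run_handshake()
    print("both sides agree on K:", kc == ks)
    print("client accepts genuine host:", client_accepts(wire, kc))
    print("offline sniffer with host private key gets K:",
          passive_observer_recover_k(wire, HOST_D, HOST_N))
    kc2, _, wire2 = run_handshake(IMPOSTOR_D, IMPOSTOR_N)
    print("client accepts exchange signed with untrusted key:",
          client_accepts(wire2, kc2))
```

The defensive takeaway is the last line: the host-key check is the only thing standing between a client and a realtime man-in-the-middle, so strict known_hosts checking (and not clicking through "host key has changed" warnings) is what protects the session, while the captured traffic itself stays undecryptable afterwards even if the host key is later stolen.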

