Penetration Testing mailing list archives

Re: How to decrypt a connection SSH v2?


From: Tim <tim-pentest () sentinelchicken org>
Date: Thu, 10 Jul 2008 14:17:39 -0700

- From your Wikipedia reference:

        "In an authenticated key-agreement protocol that uses public key
        cryptography, perfect forward secrecy (or PFS) is the property
        that ensures that a session key derived from a set of long-term
        public and private keys will not be compromised if one of the
        private keys is compromised in the future."

I assume if the attacker has the public and private keys from not just
one, but both ends, that PFS is not an obstacle.

No, actually I don't think that's the case, though it could depend on
the protocol specifics.  An after-the-fact offline attack normally
wouldn't be possible without some knowledge of the session key, or of
just one (out of two) of the DH secrets computed, but none of these are
ever sent over the wire.  The DH exchange doesn't have to depend on the
main secret keys at all.  Once again, a real-time attack is certainly
doable by simply faking the exchange with either or both ends as they
set up the session key.

HTH,
tim
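An added simulation of the point above (not code from Tim's message or the thread): a DH key exchange whose shared secret K never touches the wire, with the host's long-term key used only to sign the exchange hash. It assumes a constructed toy group (2^127-1, generator 2) and a hash-based stand-in for the host-key signature, neither of which is what real SSH uses.

```python
import hashlib
import secrets

# Constructed demo group (NOT an SSH group; real SSH uses RFC 3526 MODP groups or
# elliptic curves). Small enough to read, not meant for real use.
P = (1 << 127) - 1
G = 2

def dh_keypair(x=None):
    """Ephemeral DH exponent (kept in memory only) and the public value sent on the wire."""
    x = x if x is not None else secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def exchange_hash(e, f, K):
    # Real SSH hashes more fields into H (version strings, KEXINIT payloads, host key);
    # the shape is the same: H covers both DH public values and the shared secret K.
    return hashlib.sha256(f"{e}|{f}|{K}".encode()).digest()

def host_signature(host_private, H):
    # Stand-in for the host-key signature over H (real SSH uses RSA/ECDSA/Ed25519).
    # The long-term key only authenticates H; it is never an input to K.
    return hashlib.sha256(host_private + H).hexdigest()

def run_kex(host_private, x=None, y=None):
    """One DH key exchange. Returns (wire_transcript, client_K, server_K)."""
    x, e = dh_keypair(x)        # client ephemeral, x stays on the client
    y, f = dh_keypair(y)        # server ephemeral, y stays on the server
    client_K = pow(f, x, P)     # computed locally, never transmitted
    server_K = pow(e, y, P)
    H = exchange_hash(e, f, server_K)
    transcript = {"e": e, "f": f, "H": H, "sig": host_signature(host_private, H)}
    return transcript, client_K, server_K

def offline_view(transcript, host_private, client_private):
    """Everything an after-the-fact attacker holds: the captured transcript plus BOTH
    long-term private keys. Note what is absent: x, y and K. Recovering K from e and f
    alone is a discrete-log problem in the group."""
    return {**transcript, "host_private": host_private, "client_private": client_private}
```

Running the exchange twice with the same ephemeral exponents but different host keys yields the same K and a different signature, which is the whole point: the long-term keys authenticate the exchange but do not determine the session key.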
