Re: Need some education: Man-in-the-Middle Attacks

On Aug 31, 2006, at 2:02 PM, Christ, Bryan wrote:

My question is this... What prevents Eve from passing along the
challenge information to Alice? In other words, even though Eve does
not have the private key, and therefore cannot decrypt, Alice does.
Therefore Eve could send the information to Alice, get a valid response,
and then Eve passes that response back to Bob. Bob still has no way of
know that Eve is impersonating Alice and/or brokering messages.

In this situation, Eve would only see the encrypted traffic, because Alice's responses are encrypted with Bob's public key. I'm far from an expert on this, but I'm pretty sure that public key encryption is used just to set up symmetric key encryption so this is a bit oversimplified. But the answer you are looking for is that if Eve simply passes the traffic back and forth, she won't have the private keys to decrypt the traffic--she just sees a garbled mess (of course Eve can do this if she wants--but at this point, she's just acting as a router). In order for Eve to decipher the traffic (and perform a meaningful attack), she has to impersonate Alice by connecting to each with a separate ssh session, in which case the keys don't match-- ssh keeps the fingerprints on file. If Alice tries a MITM attack on the very first time Bob connects to Alice, though, Bob won't have the fingerprint on file. If Bob is cautious, however, he will have gotten the fingerprint from Alice beforehand, using the telephone, PGP/GPG or some other means, and he would notice that the fingerprint of Eve's key doesn't match the fingerprint that Alice told him to expect.
On Wed, 2006-08-30 at 15:58 -0600, Daniel DeLeo wrote:
As far as I know, the fingerprint is based on the public key (or is
the key? someone who knows more than I might want to clarify this) of
the SSH server. Eve could pass on the fingerprint, but she would not
have the private key, so data encrypted using the public key
associated with that fingerprint could not be decrypted by Eve. Of
course, nothing stops Eve from presenting her own key and hoping that
the user doesn't check the fingerprints.
On Aug 29, 2006, at 3:35 PM, Christ, Bryan wrote:


Please pardon my naivete.

I was looking at the diagram on the URL listed below and contemplating
how host fingerprinting prevents MITM attacks.

So my question is this... Given the illustration in the URL above,
prevents Eve from *first* contacting Alice to obtain a fingerprint
then gets passed to Bob on the first connection attempt?