Re: Newbie question: SSH2 and public-key authentication safe?

From: Markus Friedl (msfriedl@cip.informatik.uni-erlangen.de)
Date: 01/26/02


From: msfriedl@cip.informatik.uni-erlangen.de (Markus Friedl)
Date: 26 Jan 2002 09:27:15 GMT


>For example#1, what if the WalletInspector steals my public-key (my
>private key is still safe.) If he has my public-key, is that
>enough for him to 'impersonate' my identity, and attempt to login
>to the SSH2 server?

no. he needs the unencrypted private key.

>For example#2, let's say the WalletInsepctor steals BOTH my
>public-key and private-key. By comparing the private-key and
>public-key, can he reconstruct the passphrase?

no. he needs the to start a brute force attack (e.g.
try words from a dictionary) against the encrypted
private key.



Relevant Pages

  • Usenet - How to protect free speech?
    ... there is an Evil Government Agency EGA that will arrest ... private key to members. ... All posts are then public-key encrypted and can only be read by ... people with the private key. ...
    (comp.security.misc)
  • Usenet - How to protect free speech?
    ... there is an Evil Government Agency EGA that will arrest ... private key to members. ... All posts are then public-key encrypted and can only be read by ... people with the private key. ...
    (alt.computer.security)
  • Re: question about gpg
    ... finding the private key. ... If that were true, public-key cryptography would be weak, ... because the encryption key is, after all, public. ... then I can figure out the plaintext by ...
    (comp.os.linux.security)
  • Re: A new public key algorithm based on avalanche properties
    ... *Anyone* who can create a key-pair ... and those must be public if the system is public-key). ... trivial arithmetic gives her the private key. ...
    (sci.crypt)
  • Newbie question: SSH2 and public-key authentication safe?
    ... (I apologize if this is an FAQ. ... If I use SSH2's public-key authentication, ... what if the WalletInspector steals my public-key (my ... public-key and private-key. ...
    (comp.security.ssh)