How does SSH-2 protect against Diffie-Hellman MITM?

cbdeja_at_my-deja.com
Date: 01/28/05


Date: 28 Jan 2005 09:35:12 -0800

I know that Diffie-Hellman is vulnerable to man-in-the-middle attacks -
the transformed secrets that both ends send to one another could be
intercepted and substituted by a MITM.

So how does SSH-2 protect against this?

In SSH-1, the client generates a session key and encrypts it with the
server's public host key. But all of this is replaced in SSH-2 with
Diffie-Hellman.

If SSH-2 follows a similar handshake to SSH-1, then I guess the client
could encrypt their transformed secret with the server's public host
key before sending it to the server; but how can the server encrypt its
transformed secret before sending it to the client? Or does SSH-2 just
depend on ONE of the secrets being encrypted in transmission?

Of course the SSH-2 handshake may look completely different to SSH-1,
but I can't find a simplified description of the SSH-2 handshake.
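As an added illustration that is not part of the original post: SSH-2 (RFC 4253, section 8) encrypts neither DH value. The server signs the exchange hash H, which is computed over everything both sides saw on the wire (including e, f, the host key K_S and the shared secret K), with its private host key; the client recomputes H from what it received, verifies the signature with K_S, and separately checks that K_S is the host key it already knows (known_hosts). The toy below models that flow and runs the substitution attack from the question against it. It assumes a Schnorr-style signature in the same DH group as a stand-in for a real host-key algorithm such as ssh-rsa, and it omits the version strings and KEXINIT payloads that the real H also covers; the group prime is the 1024-bit MODP prime of RFC 2409 (SSH's diffie-hellman-group1-sha1). The function names and the "forward" / "own-key" attacker strategies are this example's own.

```python
"""Toy SSH-2 KEXDH exchange with an optional man-in-the-middle.

Added example, not code from the original post or from any SSH implementation.
"""
import hashlib
import secrets

# 1024-bit MODP prime from RFC 2409 (group 2); a safe prime, so (P-1)/2 is prime.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2                 # generates the order-Q subgroup of this group
Q = (P - 1) // 2


def _mpint(n: int) -> bytes:
    """Length-prefixed big-endian integer, the way SSH encodes mpints."""
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(b).to_bytes(4, "big") + b


def exchange_hash(k_s: int, e: int, f: int, k: int) -> bytes:
    """Simplified H = HASH(K_S || e || f || K).  Real SSH-2 also hashes the
    version strings and KEXINIT payloads; SHA-256 here instead of SHA-1."""
    return hashlib.sha256(_mpint(k_s) + _mpint(e) + _mpint(f) + _mpint(k)).digest()


def keygen():
    """Private exponent and public value g^x; used for DH and for host keys."""
    x = secrets.randbelow(Q - 2) + 2
    return x, pow(G, x, P)


def sign(x: int, msg: bytes):
    """Toy Schnorr signature standing in for ssh-rsa/ssh-dss: r = g^k,
    c = H(r || y || msg), s = k + c*x mod Q."""
    y = pow(G, x, P)
    k = secrets.randbelow(Q - 2) + 2
    r = pow(G, k, P)
    c = int.from_bytes(hashlib.sha256(_mpint(r) + _mpint(y) + msg).digest(), "big") % Q
    return r, (k + c * x) % Q


def verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    c = int.from_bytes(hashlib.sha256(_mpint(r) + _mpint(y) + msg).digest(), "big") % Q
    return pow(G, s, P) == (r * pow(y, c, P)) % P


def kexdh(server_key, known_host: int, mitm=None):
    """One KEXDH round trip.  mitm=None: honest wire.
    mitm="forward": attacker swaps e/f but relays the real K_S and signature.
    mitm="own-key": attacker swaps e/f and signs with its own host key.
    Returns (client verdict, client K, server K, attacker's two K values)."""
    srv_priv, srv_pub = server_key
    # client -> server: SSH_MSG_KEXDH_INIT carries e = g^x (sent in the clear)
    x = secrets.randbelow(Q - 2) + 2
    e = pow(G, x, P)
    if mitm:
        a, g_a = keygen()   # attacker's DH value towards the server
        b, g_b = keygen()   # attacker's DH value towards the client
    e_srv = g_a if mitm else e           # what the server actually receives
    # server: f = g^y, K = e_srv^y, H over what it saw, signature with host key
    y = secrets.randbelow(Q - 2) + 2
    f = pow(G, y, P)
    k_srv = pow(e_srv, y, P)
    sig = sign(srv_priv, exchange_hash(srv_pub, e_srv, f, k_srv))
    # server -> client: SSH_MSG_KEXDH_REPLY (K_S, f, sig), possibly tampered
    f_cli, ks_cli, sig_cli, attacker_keys = f, srv_pub, sig, None
    if mitm:
        f_cli = g_b
        attacker_keys = (pow(e, b, P), pow(f, a, P))   # K with client, K with server
        if mitm == "own-key":
            att_priv, att_pub = keygen()
            ks_cli = att_pub
            sig_cli = sign(att_priv, exchange_hash(att_pub, e, g_b, attacker_keys[0]))
    # client: K = f_cli^x, recompute H from its own view, check signature and host key
    k_cli = pow(f_cli, x, P)
    h_cli = exchange_hash(ks_cli, e, f_cli, k_cli)
    if not verify(ks_cli, h_cli, sig_cli):
        verdict = "bad signature"        # H differs from what the server signed
    elif ks_cli != known_host:
        verdict = "host key mismatch"    # the known_hosts warning
    else:
        verdict = "ok"
    return verdict, k_cli, k_srv, attacker_keys


if __name__ == "__main__":
    host = keygen()
    for strategy in (None, "forward", "own-key"):
        print(strategy, kexdh(host, host[1], mitm=strategy)[0])
```

The attacker's two K values always equal the client's and the server's respective K, which is exactly the bare-DH MITM from the question; what stops it is not secrecy of e or f but that the client's recomputed H no longer matches the H the server signed. An attacker who instead signs with a host key of its own passes the signature check and is caught only by the known_hosts comparison, which is why a changed-host-key warning (or a first-connection prompt) must not be waved through.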