Re: How does SSH-2 protect against Diffie-Hellman MITM?
From: Richard E. Silverman (res_at_qoxp.net)
Date: 01/28/05
- In reply to: cbdeja_at_my-deja.com: "How does SSH-2 protect against Diffie-Hellman MITM?"
Date: 28 Jan 2005 17:34:07 -0500
>>>>> "cbdeja" == cbdeja <cbdeja@my-deja.com> writes:
cbdeja> I know that Diffie-Hellman is vulnerable to man-in-the-middle
cbdeja> attacks - the transformed secrets that both ends send to one
cbdeja> another could be intercepted and substituted by a MITM.
cbdeja> So how does SSH-2 protect against this?
cbdeja> In SSH-1, the client generates a session key and encrypts it
cbdeja> with the server's public host key. But all of this is replaced
cbdeja> in SSH-2 with Hellman-Diffie.
cbdeja> If SSH-2 follows a similar handshake to SSH-1, then I guess
cbdeja> the client could encrypt their transformed secret with the
cbdeja> server's public host key before sending it to the server; but
cbdeja> how can the server encrypt its transformed secret before
cbdeja> sending it to the client? Or does SSH-2 just depend on ONE of
cbdeja> the secrets being encrypted in transmission?
cbdeja> Of course the SSH-2 handshake may look completely different to
cbdeja> SSH-1, but I can't find a simplified description of the SSH-2
cbdeja> handshake.
Essentially, SSH-2 signs the DH exchange with the server's host key,
incorporating the session ID as proof of liveness. For details see:
http://www.snailbook.com/docs/transport.txt
-- Richard Silverman res@qoxp.net
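
The following Python example is added here to illustrate the reply above; it is not part of the original message or of any SSH implementation. It shows why a host-key signature over the exchange hash makes the client reject substituted DH values. Assumptions: a toy DH group and toy RSA host key built from known primes, a simplified field encoding, a client that already trusts the host key, and hypothetical function names.

```python
import hashlib
import secrets

# Constructed toy parameters (assumptions; not real SSH groups or key sizes).
P, G = 2**521 - 1, 3                     # toy DH modulus and generator
HOST_N = (2**127 - 1) * (2**89 - 1)      # toy RSA host-key modulus
HOST_E = 65537
HOST_D = pow(HOST_E, -1, (2**127 - 2) * (2**89 - 2))  # private exponent

def enc(x):
    """Length-prefix a field (bytes or int) so field boundaries are unambiguous."""
    b = x if isinstance(x, bytes) else x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")
    return len(b).to_bytes(4, "big") + b

def exchange_hash(v_c, v_s, i_c, i_s, k_s, e, f, k):
    """H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K), as an integer."""
    data = b"".join(enc(x) for x in (v_c, v_s, i_c, i_s, k_s, e, f, k))
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def host_sign(h):
    return pow(h % HOST_N, HOST_D, HOST_N)   # only the real server holds HOST_D

def host_verify(h, sig):
    return pow(sig, HOST_E, HOST_N) == h % HOST_N

def run_kex(substituted=False):
    """Run one exchange; return True if the client accepts the signature."""
    ctx = (b"SSH-2.0-client", b"SSH-2.0-server", b"client-kexinit", b"server-kexinit")
    k_s = enc(HOST_E) + enc(HOST_N)          # host key the client already trusts
    x, y = (secrets.randbelow(P - 3) + 2 for _ in range(2))
    e, f = pow(G, x, P), pow(G, y, P)        # client and server public values
    e_at_server, f_at_client = e, f
    if substituted:                          # values replaced in transit
        e_at_server = f_at_client = pow(G, secrets.randbelow(P - 3) + 2, P)
    # Server: hashes what it received and sent, then signs with the host key.
    h_server = exchange_hash(*ctx, k_s, e_at_server, f, pow(e_at_server, y, P))
    sig = host_sign(h_server)
    # Client: recomputes H from its own view and checks the signature over it.
    h_client = exchange_hash(*ctx, k_s, e, f_at_client, pow(f_at_client, x, P))
    return host_verify(h_client, sig)

if __name__ == "__main__":
    print("untouched exchange accepted:", run_kex())
    print("substituted exchange accepted:", run_kex(substituted=True))
```

The signature only helps if the client checks the presented host key against one it already trusts (for example, its known-hosts entry); the example assumes that check has passed.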