[OT] ssh security

[Erik Norgaard]

On 10/03/10 07:16, perryh at pluto.rain.com wrote:

>> but logic tends to tell me that is I have no prior knowledge about
>> the person I am about to talk to, anybody (MIM) could pretend to
>> be that person.

True. Cryptography by it self does not solve the identity problem.

>> The pre-shared information need not to be secret ... but there is
>> need for pre-shared trusted information.
>
> Er, if the pre-shared information is not secret, how can I be sure
> that the person presenting it is in fact my intended correspondent
> and not a MIM?  My impression is that Diffie-Hellman (somehow) solves
> this sort of problem.

The preshared information, in this case the key fingerprint, is a 
fingerprint of the public key, without this, you cannot produce the 
fingerprint.

Yes, the fingerprint is calculated from the public key, which is .. er 
.. public, but that's not a problem since anything encrypted with the 
public key can only be decrypted by the owner of the private key.

In the session setup public keys are exchanged, on the basis of this key 
you calculate the fingerprint and compare with the one you have stored. 
If they do not match, connection is closed.

So, the MIM attack must be launched the very first time a user connects. 
This is where the user trusts the identity of the owner of the private 
key. The known_hosts file is only kept so you don't have to verify and 
trust the key every time.

If you worry about that kind of attack, then you should provide a method 
for verifying the fingerprint through a different channel, say users 
call support and have them read out the fingerprint, publish it on some 
separate server, or pre-install it on their computer when the account is 
created.

Diffie-Hellman does not solve this problem. DH is a protocol for 
agreeing on a shared secret in public, but it does not solve the 
identity problem.

BR, Erik
-- 
Erik Nørgaard
Ph: +34.666334818/+34.915211157                  http://www.locolomo.org