Penetration Testing mailing list archives
Re: How to decrypt a connection SSH v2?
From: "Jimmy Brokaw" <hedgie () hedgie com>
Date: Sun, 13 Jul 2008 00:21:22 -0400 (EDT)
Tim wrote:
> > But I have the whole session sniffed (tcpdump). Not only private and public keys. Can I decrypt the session?
>
> I'm not familiar with the specifics of SSH's session key negotiation, but if Paul is right and something like Diffie-Hellman key exchange is used, then even with a full session capture and private keys, you still don't have a way of getting past that DH key exchange in an offline attack (in your lifetime, probably).

I'm with you. I don't know the specifics on how SSH works, but if it's possible to decrypt a session with a packet sniff and a complete set of public/private keys, there's a serious security flaw in the protocol. It's a Bad Idea to use a keypair for both encryption and authentication. The logical protocol would be to use the public/private key pairs for authentication, and negotiate a temporary key via DH. The temporary key would not be passed over the network, nor would it bear any relation to the public/private keys. Unless Alice or Bob were subverted prior to the closing of the SSH session, they would clear the key and no method other than brute force should exist to recover the session.

--
\\\\\ hedgie () hedgie com
\\\\\\\__o Bringing hedgehogs to the common folk since 1994.
__\\\\\\\'/________________________________________________________
http://www.hedgie.com
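
Added example, not part of the original message or of any SSH implementation: a standard-library Python sketch contrasting the two designs the message describes, one where the long-term keypair encrypts the session key and one where it only authenticates an ephemeral DH exchange. All parameters, names and the textbook RSA/DH arithmetic are constructed toy assumptions, far too small for real use.

```python
import hashlib
import secrets

# Constructed toy parameters so the example runs on the standard library only.
# Far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1            # toy RSA primes (long-term host key)
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # long-term private exponent
DH_P, DH_G = 2**127 - 1, 3             # toy DH group


def digest(*values):
    """Hash integers to a 128-bit integer (fits below N)."""
    data = b"|".join(str(v).encode() for v in values)
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def key_transport_session():
    """Design A: client encrypts the session key under the host public key."""
    session_key = secrets.randbits(128)
    capture = {"ciphertext": pow(session_key, E, N)}   # what tcpdump sees
    return capture, session_key


def recover_with_host_key(capture, d):
    """Design A has no forward secrecy: capture + host private key gives the key."""
    return pow(capture["ciphertext"], d, N)


def dh_session():
    """Design B: host key only signs the exchange; the key comes from ephemeral DH."""
    a = secrets.randbelow(DH_P - 3) + 2                # client ephemeral secret
    b = secrets.randbelow(DH_P - 3) + 2                # server ephemeral secret
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    capture = {"A": A, "B": B, "sig": pow(digest(A, B), D, N)}
    client_key = digest(pow(B, a, DH_P))
    server_key = digest(pow(A, b, DH_P))
    # a and b go out of scope here: neither is in the capture nor derivable from D.
    return capture, client_key, server_key


def signature_valid(capture):
    """All the host key contributes to design B: proof of who sent B."""
    return pow(capture["sig"], E, N) == digest(capture["A"], capture["B"])
```

In design B the session key is a function of `a` or `b` only, so holding the capture and `D` leaves the discrete-log problem on `A` or `B` as the remaining route, which is the brute-force case the message refers to.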