OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: The problem with SSH2
From: Peter Fairbrother (peter.fairbrotherntlworld.com)
Date: Fri Dec 29 2000 - 12:30:01 CST

on 29/12/00 10:20 am, Bill Stewart at bill.stewartpobox.com wrote:

> At 02:56 AM 12/29/00 +0000, Peter Fairbrother peterm-o-o-t.org wrote:
>>> If you want to make lusers safe against the blatant warning messages
>>> that OpenSSH produces when confonted with a MITM situation, you need
>>> only hardwire the configuration option "StrictHostKeyChecking" to
>>> "yes", which will disconnect when host keys are not what they are
>>> supposed to be.
>>
>> "Hardwire"?? "lusers"?? Crap. Don't expose them to risk at all.
>
> Welcome aboard, Peter!
>
> You can't - either there are
> eavesdroppers trying active attacks, or there aren't.
> Your choices are either to
> - not bother checking for MITM attacks, just prevent passive attacks.
> - Kill the connection if you detect an attack
> - Give the user a choice about killing the connection if you
> detect an attack.
> - Use a communication method that makes MITM attacks
> impossible to initiate (as distinguished from
> impossible to successfully complete.)

Why not use a communication method that makes MITM attacks impossible to
successfully complete? Doesn't that "not expose them to risk at all"?

I agree with the rest of your email.

Peter 

-- 
peterm-o-o-t.org
http://www.m-o-o-t.org

> Some radio systems may have this property.
> 
> Bram's making the first suggestion - If you don't bother with
> authentication (or at least don't include it in your basic connection
> protocols), it's immensely simpler to give lots of people
> encrypted connections.  That doesn't stop the Bad Guys from
> targeting specific individuals, but it does stop them from
> openly trawling the network looking for any connections with
> suspicious words in them.  It's not as secure, but by providing
> medium security to a much larger fraction of the internet,
> you can argue that you're winning over something that's
> much less used.  It's also useful for the common case of communications
> with an unknown party, e.g. J.Random.Webuser contacting BigWebSite.com.
> 
> The discussions you're ranting against are between the
> second and third options - If there are Bad Guys out there,
> and you catch them trying to break in, your choices are either to
> tell the user "hey, there are Bad Guys actively cracking your connection,
> do you want to continue?" (like, duhh, no I don't want to continue),
> or else you tell them "Click!  Connection dropped!" and leave them guessing.
> 
> The fourth option is occasionally available - things like Bluetooth
> or 802.11b that use local radio prevent MITM from actively eavesdropping
> the radio channel, but are still susceptible to the MITM convincing
> the two real endpoints to talk to a fake endpoint through
> whatever mechanism, whether it's DNS cracking or responding faster
> to ARPs or whatever.  But this isn't the general case.
> Thanks! 
> Bill
> Bill Stewart, bill.stewartpobox.com
> PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639