|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: The problem with SSH2
From: Peter Fairbrother (peter.fairbrother
ntlworld.com)Date: Mon Jan 01 2001 - 18:14:40 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
on 31/12/00 3:26 pm, Markus Friedl at
markus.friedlinformatik.uni-erlangen.de wrote:
> On Fri, Dec 29, 2000 at 02:56:39AM +0000, Peter Fairbrother wrote:
>> on 28/12/00 3:05 am, Damien Miller at djmmindrot.org wrote:
>>> Yes - but now you cannot be MITM'd. For PK auth in SSH2 you are signing
>>> data which includes the session identifier which is derived from the
>>> DH key exchange between the client and the server.
>>>
>>> If there is a MITM then the real client is going to have a different
>>> session id taking to the MITM than the MITM is going to have in talking
>>> to the real server. PK auth will fail with a bad signature.
>>>
>>> -d
>>
>> More crap. Use normal email with end-to-end crypto and protocol stuff
>> included in the message, and fuck all that server nonsense, you don't need
>> it.
>> [...]
>> We (m-o-o-t) might be tempted to implement a plug-in to OE etc. just because
>> we're pissed off with your elitist stance, and it might be a good idea,
>> except we're going to defeat traffic analysis and active attacks as well.
>
> sorry, how is this related to Pubkey authentication in SSH2?
It isn't, it was supposed to be part of another email (about email) and was
sent by mistake. I apologise. Too much Christmas spirit.
I still don't much like SSH2 though. Without mandatory authentication (and
encryption - SSH2 doesn't actually require encryption) saying "X" uses SSH2
is nearly meaningless in security terms, it's open to impostor and meaconing
attacks as well as MITM. If users have to select from products or options
they don't understand, I doubt that they will use them securely.
SSH2 can be used securely, but the requirement is on the implementer or user
to do so, not SSH2. That is the real problem with SSH2. They wimped out. To
quote www.ipsec.com/tech/archive/secsh/architecture.txt :
"The primary goal of the SSH protocols is improved security on the
Internet. It attempts to do this in a way that is easy to deploy, even
at the cost of absolute security."
They do this sort of thing all over the place, eg they say that all
algorithms are well-known and use cryptographically sound key sizes, but
they let anyone define a new algorithm. I can guess what Schneier and his
ilk would say about that.
-- Peter Fairbrother peter.fairbrother
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]