Penetration Testing
How to decrypt a connection SSH v2? Jul 10 2008 02:05AM Ulises2k (ulises2k gmail com) (1 replies)
Re: How to decrypt a connection SSH v2? Jul 10 2008 04:00AM Paul Melson (pmelson gmail com) (2 replies)
Re: How to decrypt a connection SSH v2? Jul 10 2008 02:54PM Gary E. Miller (gem rellim com) (2 replies)
Re: How to decrypt a connection SSH v2? Jul 10 2008 02:14PM Ulises2k (ulises2k gmail com) (1 replies)
Re: How to decrypt a connection SSH v2? Jul 10 2008 09:13PM Tim (tim-pentest sentinelchicken org) (1 replies)
>> But I have all session sniffed.(tcpdump)
>> No only private and public keys.
>> Can I decrypt the session?
>
> I'm not familiar with the specifics of SSH's session key negotiation, but if
> Paul is right and something like diffie-hellman key exchange is used, then
> even with a full session capture and private keys, you still don't have a way
> of getting past that DH key exchange in an offline attack (in your lifetime,
> probably).
I'm with you. I don't know the specifics on how SSH works, but if it's
possible to decrypt a session with a packet sniff and a complete set of
public/private keys, there's a serious security flaw in the protocol. It's a
Bad Idea to use a keypair for both encryption and authentication. The logical
protocol would be to use the public/private key pairs for authentication, and
negotiate a temporary key via DH. The temporary key would not be passed over
the network, nor would it bear any relation to the public/private keys.
Unless Alice or Bob were subverted prior to the closing of the SSH session,
they would clear the key and no method other than brute force should exist to
recover the session.
--
\\\\\ hedgie (at) hedgie (dot) com [email concealed]
\\\\\\\__o Bringing hedgehogs to the common folk since 1994.
__\\\\\\\'/________________________________________________________
http://www.hedgie.com
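
Added example, not part of the original message and not code from any SSH implementation: it contrasts a design where the host keypair encrypts the session key with the design described above, where the host key only signs and the session key comes from an ephemeral DH exchange. All parameters are toy values constructed for illustration (small Mersenne primes, textbook RSA without padding), the function names are hypothetical, and the messages are a simplification rather than the SSH wire format.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
DH_P, DH_G = 2**127 - 1, 3                          # Mersenne prime modulus, base
RSA_E = 65537
RSA_N = (2**61 - 1) * (2**89 - 1)                   # host public modulus
RSA_D = pow(RSA_E, -1, (2**61 - 2) * (2**89 - 2))   # host long-term private key


def h(*parts):
    """Hash integers to an integer smaller than RSA_N."""
    data = b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % RSA_N


def key_transport_session():
    """Design A: the client encrypts the session key to the host public key."""
    session_key = secrets.randbits(128)
    capture = {"c": pow(session_key, RSA_E, RSA_N)}   # what the sniffer records
    return session_key, capture


def ephemeral_dh_session():
    """Design B: the host key only signs; the key comes from ephemeral DH."""
    x = secrets.randbelow(DH_P - 3) + 2               # client secret, never sent
    y = secrets.randbelow(DH_P - 3) + 2               # server secret, never sent
    e, f = pow(DH_G, x, DH_P), pow(DH_G, y, DH_P)     # the only DH values sent
    server_shared = pow(e, y, DH_P)
    sig = pow(h(e, f, server_shared), RSA_D, RSA_N)   # authentication only
    capture = {"e": e, "f": f, "sig": sig}            # what the sniffer records
    return h(pow(f, x, DH_P)), capture                # client derives the same secret


def values_reachable_with_host_key(capture):
    """Apply the host's private and public exponents to every captured field."""
    fields = capture.values()
    return {pow(v, k, RSA_N) for v in fields for k in (RSA_D, RSA_E)}


if __name__ == "__main__":
    for name, run in [("key transport", key_transport_session),
                      ("ephemeral DH", ephemeral_dh_session)]:
        key, capture = run()
        exposed = key in values_reachable_with_host_key(capture)
        print(f"{name}: key recoverable from capture + host key: {exposed}")
```

In design B the host key can only reproduce the signed hash; deriving the session key needs `x` or `y`, which exist only in memory on the two endpoints until the session closes.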