[Beowulf] Re: "hobbyists"

Perry E. Metzger perry at piermont.com
Thu Jun 19 12:43:19 PDT 2008


"Robert G. Brown" <rgb at phy.duke.edu> writes:
>> I can log in using your credentials if I have your private key and you
>> are using SSH with public key authentication. However, even if I have
>> both of your private and public keys, the ephemeral key used for a
>> particular session is agreed to using Diffie-Hellman key exchange, and
>> mere knowledge of your long term keys will not allow anyone to read
>> your session traffic. This property is known as "Perfect Forward
>> Secrecy." (Technically, this is only true of sshv2 -- sshv1 used
>> random nonces exchanged under RSA for the key material, but sshv1
>> is no longer in wide use because it has a number of security issues.)
>
> They do enable man in the middle attacks, however, so that while your
> connection cannot be snooped "passively", somebody in the middle (say,
> in possession of any intermediary router) can pretend to be both sides
> by establishing simulations of the connections requested and forwarding
> the traffic.

Not quite. If they only have your key, but not the remote host's key,
they can pretend to be you to the remote host, but they can't pretend
to be the remote host to you. (Similarly if they've stolen the host's
key but not yours.)

> Similarly, if somebody has both my public and private keys they very
> likely can get into my system

I said that. See "I can log in using your credentials", above.

> But otherwise sure.  Similar things for WPA vs WEP as I recall -- WEP
> doesn't change the ephemeral keys.

The latter is true (in that WEP has no such mechanisms at all), but
WPA in pre shared key mode doesn't change the base keys either, and
the TKIP keys are derived from it, so there is no perfect forward
secrecy. In "enterprise" mode, a shared key is created for each user,
but I'm not sure that all modes of the protocol end up providing
perfect forward secrecy.

> I didn't realize that they'd made 1024 bit keys vulnerable at this
> point.  I'm guessing that "vulnerable" still means "vulnerable to
> people with obscene amounts of free computer time and not enough to
> do"

I think the NSA types think of this sort of activity as quite
justified, as do their equivalents in other nations and in the, er,
"private sector". In particular, if you spend any of your time working
for banks, the issue is not ignorable because if money is at stake,
people will spend money to get at it. If you are mostly concerned
about your family members reading your email, the situation is quite
different. That said, typing "2048" instead of "1024" in to PGP or
OpenSSL is no more expensive, so there is no point in using shorter
keys even if you have little to worry about.

> as opposed to "vulnerable" as in airsnort makes WEP vulnerable to
> pimply faced kids with old laptops, but still, worth knowing,
> thanks!


Perry
-- 
Perry E. Metzger		perry at piermont.com



More information about the Beowulf mailing list