RW <rwmailli...@googlemail.com> writes: > Dag-Erling Smørgrav <d...@des.no> writes: > > You do know that these keys are used only for authentication, and > > not for encryption, right? > I'm not very familiar with ssh, but surely they're also used for > session-key exchange, which makes them crucial to encryption. They > should be as secure as the strongest symmetric cipher they need to work > with.
No. They are used for authentication only. This is crypto 101. Having a copy of the host key allows you to do one thing and one thing only: impersonate the server. It does not allow you to eavesdrop on an already-established connection. If the server is set up to require key-based user authentication, an attacker would also have to obtain the user's key to mount an effective man-in-the-middle attack. DES -- Dag-Erling Smørgrav - d...@des.no _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
