Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: How to decrypt a connection SSH v2?
From: "Gary E. Miller" <gem () rellim com>
Date: Thu, 10 Jul 2008 07:54:29 -0700 (PDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Paul

On Thu, 10 Jul 2008, Paul Melson wrote:

On Wed, Jul 9, 2008 at 10:05 PM, Ulises2k <ulises2k () gmail com> wrote:
How to decrypt a connection SSH v2?
I have the private and public keys.
I have all sesion sniffed.

I'm afraid that's not enough.  SSH implements forward secrecy [1],


- From your wikipedia reference:

        "In an authenticated key-agreement protocol that uses public key
        cryptography, perfect forward secrecy (or PFS) is the property
        that ensures that a session key derived from a set of long-term
        public and private keys will not be compromised if one of the
        private keys is compromised in the future."

I assume if the attacker has the public and private keys from not just
one, but both ends, that PFS is not an obstacle.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFIdiKo8KZibdeR3qURAtBXAKCKtVv1QcGyR5KRX+xClbcPqpy+UwCg8cQe
TVJP26xHZEzt4ipvGkGlK44=
=DWLn
-----END PGP SIGNATURE-----


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]