Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: How to decrypt a connection SSH v2?
From: Tim <tim-pentest () sentinelchicken org>
Date: Thu, 10 Jul 2008 14:13:31 -0700

But I have all session sniffed.(tcpdump)
No only private and public keys.
Can I decrypt the session?

I'm not familiar with the specifics of SSH's session key negotiation,
but if Paul is right and something like diffie-hellman key exchange is
used, then even with a full session capture and private keys, you still
don't have a way of getting past that DH key exchange in an offline
attack (in your lifetime, probably).  

However, if you have one of the private keys and you can conduct a
man-in-the-middle attack on the session, you can also man-in-the-middle
the DH key exchange in realtime to get what you're after.  You just
can't do it offline after the fact.

For more info, see: http://en.wikipedia.org/wiki/Diffie-Hellman

Good luck,
tim

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault