On Sun, Mar 7, 2010 at 11:25 PM, Angelin Lalev <[email protected]> wrote: > Greetings, > > I'm doing some research into ssh and its underlying cryptographic > methods and I have questions. I don't know whom else to ask and humbly > ask for forgiveness if I'm way OT. > > So, SSH uses algorithms like ssh-dss or ssh-rsa to do key exchange. > These algorithms can defeat any attempts on eavesdropping, but cannot > defeat man-in-the-middle attacks. To defeat them, some pre-shared > information is needed - key fingerprint. > > If hypothetically someone uses instead of the plain text > authentication some challenge-response scheme, based on user's > password or even a hash of user's password would ssh be able to avoid > the need the user to have key fingerprints of the server prior the > first connection? >
To clarify, we as users anyway do have shared secret with the server and that's the authentication password why we could not use that instead of or in addition to a key fingerprint? _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[email protected]"
