Angelin Lalev <[email protected]> wrote: > So, SSH uses algorithms like ssh-dss or ssh-rsa to do key exchange. > These algorithms can defeat any attempts on eavesdropping, but cannot > defeat man-in-the-middle attacks. To defeat them, some pre-shared > information is needed - key fingerprint.
What happened to Diffie-Hellman? Last I heard, its whole point was to enable secure communication, protected from both eavesdropping and MIM attacks, between systems having no prior trust relationship (e.g. any sort of pre-shared secret). What stops the server and client from establishing a Diffie-Hellman session and using it to perform the key exchange? _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[email protected]"
