Jeffrey Altman <[EMAIL PROTECTED]> writes:

> > That kinda sucks, doesn't it?
> > 
> > > Once again, using anonymous DH is a really terrible idea.
> > > It leaves you completely open to active attack.
> > 
> > That might be the case, but it's far better than no crypt at all.
> > I could imagine the effect of using ADH is similar to using SSH without RSA.
> > Or is it even worse?
> 
> Actually, using Anonymous DH is about as bad as using SSH (with or
> without public authentication).  Both leave you open to man in the
> middle attacks in which you believe you are talking to the host you
> desire, but really you are talking to the man in the middle who has
> then established a connection to the host you want to chat with.
> 
> The attacker just sits there in the middle decrypting, storing, and
> re-encrypting all of the data.

I don't believe this is correct. SSH keeps a record of the
public keys for known machines. It won't connect to machines
with unknown keys unless you tell it to explicitly.

So, if you arrange to obtain the public keys of machines
you wish to connect to securely (not that hard) then you should
not be subject to a man-in-the-middle attack.

Even if you are connecting for the first time over an open network,
SSH allows you to store the server keys so you're only at risk
for man-in-the-middle once. This is significantly better than
anonymous DH where you're always at risk.

-Ekr

-- 
[Eric Rescorla                                   [EMAIL PROTECTED]]
          PureTLS - free SSLv3/TLS software for Java
                http://www.rtfm.com/puretls/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
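
Added example, not part of the original message and not OpenSSH code: a toy model of the known-host check the reply describes, set beside anonymous DH where no long-term key exists to compare. The class KnownHosts, the function check_anonymous, the host names and the key bytes are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac

class KnownHosts:
    """Toy pin store modelling the known-hosts behaviour described above.
    Hypothetical class; not OpenSSH's code or file format."""
    def __init__(self, strict=False):
        self.pins = {}        # host -> SHA-256 fingerprint of the server public key
        self.strict = strict  # strict: never accept an unknown key automatically

    def preload(self, host, public_key):
        """Pin a key obtained out of band, before the first connection."""
        self.pins[host] = hashlib.sha256(public_key).hexdigest()

    def check(self, host, presented_key):
        """Decide whether to continue, given the key the peer presented."""
        fp = hashlib.sha256(presented_key).hexdigest()
        pinned = self.pins.get(host)
        if pinned is None:
            if self.strict:
                return "reject-unknown"
            self.pins[host] = fp         # trust on first use: exposed this once
            return "accept-first-use"
        if hmac.compare_digest(pinned, fp):
            return "accept-known"
        return "reject-key-changed"      # a different key answered for this host

def check_anonymous(host):
    """Anonymous DH: the peer presents no long-term key, so there is nothing
    to pin or compare, on the first session or on any later one."""
    return "accept-unauthenticated"

# Constructed sample values (placeholder bytes, not real key material).
H = "host.example"
SERVER_KEY = b"constructed-server-public-key"
OTHER_KEY = b"constructed-interposed-public-key"

def run_scenarios():
    tofu = KnownHosts()
    pre = KnownHosts(strict=True)
    pre.preload(H, SERVER_KEY)
    return {
        "tofu": [tofu.check(H, k) for k in (SERVER_KEY, SERVER_KEY, OTHER_KEY)],
        "preloaded": [pre.check(H, OTHER_KEY), pre.check(H, SERVER_KEY),
                      pre.check("new.example", SERVER_KEY)],
        "anonymous": [check_anonymous(H) for _ in range(2)],
    }

if __name__ == "__main__":
    for name, results in run_scenarios().items():
        print(name, results)
```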
