Atro Tossavainen wrote:
> Dear Raffaele,
> It doesn't look quite clear to me whether you've understood the ssh
> encryption protocols.
> DES is not a public key protocol, it is a symmetric cipher.

Sorry Atro,
I mistyped "DSA" as "DES"; what I really meant was DSA, not DES :-(

> Ssh1 uses RSA to do key exchange (and user authentication where
> applicable). If RSA can be broken, the session key for a session (using
> whichever cipher, be it IDEA, Blowfish or 3DES) can be acquired and the
> session listened to. Also, if RSA can be broken, the user authentication
> may be able to be compromised (assuming you are able to discover the
> random number that sshd generates, then encrypts with your public key
> to verify you are you...)
>
I don't know much about ssh1 since I'm writing about the ssh2 protocol; however,
RSA is weak to some "chosen plain text attack" if the client is able to
choose entirely the random number (challenge) to send to the server for host
authentication and key exchange. This shouldn't happen with ssh2 'cos the
challenge is chosen by either side and then hashed with SHA1. Do you know
about weak implementations of DSA?
Thanks
Raffaele.