What protects the strength of a ssh connection's encryption

May 15, 2008

Here is a suddenly burning question: what protects the strength of a ssh connection's encryption?

The answer is that the connection encryption is protected only by the strength of the random numbers chosen for the initial Diffie-Hellman key exchange that arranges the session key. This protection depends on both the server and the client using strong random numbers; if an attacker can guess the random number for either side, they can immediately recover the session key simply by acting out that side of the exchange.

The server's host key doesn't get involved in the actual Diffie-Hellman key exchange; it is merely used to sign a shared secret in order to verify that the server is who it says it is. This means that a weak server key doesn't weaken the connection encryption (although it enables man in the middle attacks), but also that a strong server key is no protection if either side is using weak random numbers.

(This comes from RFC 4253, section 8.)

The answer to the next burning question is that OpenSSH gets its random numbers (at least for Diffie-Hellman) from the OpenSSL libraries.

Written on 15 May 2008.
« Things I have learned about ZFS (and a Linux iSCSI target)
Why it is hard to decommission a DNS blocklist »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Thu May 15 00:17:54 2008
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.