What protects the strength of an SSH connection's encryption
Here is a suddenly burning question: what protects the strength of an SSH connection's encryption?
The answer is that the connection's encryption is protected by the secrecy of the private exponents each side picks for the initial Diffie-Hellman key exchange that establishes the session keys, and those exponents are only as unguessable as the random numbers behind them. This protection depends on both the server and the client using strong random numbers: the public values exchanged are visible to anyone on the wire, so if an attacker can guess the private exponent of either side, they can combine it with the other side's public value to compute the shared secret, re-derive the session keys exactly as that side does, and decrypt the connection.
The server's host key doesn't take part in the Diffie-Hellman computation itself; it is used only to sign the exchange hash (which covers the shared secret and the negotiation transcript) so that the client can verify the server is who it says it is. This means that a weak host key doesn't weaken the connection encryption (although it enables man in the middle attacks, since anyone who can forge the signature can impersonate the server), but also that a strong host key is no protection if either side is using weak random numbers.
(This comes from RFC 4253, section 8.)
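To make the point concrete, here is a toy version of the exchange described above, written as an added illustration rather than code from this post or from OpenSSH. It follows the shape of RFC 4253 section 8 (KEXDH_INIT and KEXDH_REPLY, the exchange hash H, and the section 7.2 key derivation), but the group (P, G), the version strings, the KEXINIT stand-ins and the "n-bit exponent" weakness are all constructed so that the brute force finishes instantly; a real exchange uses a 2048-bit or larger group and 256-bit or longer random exponents. It goes one step beyond the prose by showing that a weak exponent on either side is enough, and that the host key signature is irrelevant to the eavesdropper.

```python
"""Toy version of the SSH Diffie-Hellman key exchange (RFC 4253, section 8).

Added illustration, not code from the original post or from OpenSSH. The group
(P, G), the version strings, the KEXINIT stand-ins and the "n-bit exponent"
weakness are all constructed here to keep the brute force instant; a real
exchange uses a 2048-bit or larger group and 256-bit or longer random exponents.
"""
import hashlib
import secrets

P = (1 << 61) - 1   # toy prime modulus (constructed: far too small for real use)
G = 3               # toy generator (2 would sit in a 61-element subgroup mod this P)

V_C = b"SSH-2.0-ToyClient"   # constructed identification strings
V_S = b"SSH-2.0-ToyServer"
I_C = b"KEXINIT-client"      # stand-ins for the two KEXINIT payloads
I_S = b"KEXINIT-server"
K_S = b"host-key-blob"       # stand-in for the server's public host key


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return len(data).to_bytes(4, "big") + data


def ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint' for n >= 0: minimal big-endian bytes, leading 0x00 if the top bit is set."""
    if n == 0:
        return ssh_string(b"")
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)


def exchange_hash(e: int, f: int, k: int) -> bytes:
    """H = HASH(V_C || V_S || I_C || I_S || K_S || e || f || K), RFC 4253 section 8 (SHA-256 here)."""
    h = hashlib.sha256()
    for part in (ssh_string(V_C), ssh_string(V_S), ssh_string(I_C), ssh_string(I_S),
                 ssh_string(K_S), ssh_mpint(e), ssh_mpint(f), ssh_mpint(k)):
        h.update(part)
    return h.digest()


def derive_key(k: int, h: bytes, letter: bytes, session_id: bytes) -> bytes:
    """RFC 4253 section 7.2: e.g. client-to-server encryption key = HASH(K || H || "C" || session_id)."""
    return hashlib.sha256(ssh_mpint(k) + h + letter + session_id).digest()


def run_exchange(client_exp_bits: int = 256, server_exp_bits: int = 256) -> dict:
    """Perform the exchange; return what an eavesdropper sees (e, f) plus the real session key."""
    x = secrets.randbelow(1 << client_exp_bits) or 1   # client's private exponent
    y = secrets.randbelow(1 << server_exp_bits) or 1   # server's private exponent
    e = pow(G, x, P)   # KEXDH_INIT:  client -> server, sent in the clear
    f = pow(G, y, P)   # KEXDH_REPLY: server -> client, sent in the clear
    k_client = pow(f, x, P)
    k_server = pow(e, y, P)
    assert k_client == k_server
    h = exchange_hash(e, f, k_client)
    # The server signs h with its host key at this point. The signature only
    # proves who the server is; it contains nothing secret, so the eavesdropper
    # below never needs it and it is omitted here.
    session_id = h   # for the first exchange of a connection, session_id is H
    return {"e": e, "f": f, "key_c2s": derive_key(k_client, h, b"C", session_id)}


def _find_exponent(public: int, max_bits: int):
    """Brute-force the private exponent behind a public value, assuming it has at most max_bits bits."""
    cur = 1
    for guess in range(1, 1 << max_bits):
        cur = cur * G % P   # cur == G^guess mod P
        if cur == public:
            return guess
    return None


def recover_session_key(observed: dict, max_bits: int):
    """Eavesdropper: recover K from whichever side's exponent is guessable, then re-derive the key."""
    e, f = observed["e"], observed["f"]
    x = _find_exponent(e, max_bits)
    if x is not None:
        k = pow(f, x, P)           # K = f^x, exactly what the client computes
    else:
        y = _find_exponent(f, max_bits)
        if y is None:
            return None            # both exponents outside the guessable range
        k = pow(e, y, P)           # K = e^y, exactly what the server computes
    h = exchange_hash(e, f, k)     # every other input to H was sent in the clear
    return derive_key(k, h, b"C", h)


if __name__ == "__main__":
    weak = run_exchange(client_exp_bits=16)
    print("weak client, key recovered:", recover_session_key(weak, 16) == weak["key_c2s"])
    strong = run_exchange()
    print("strong both sides, key recovered:", recover_session_key(strong, 16) is not None)
```

Swapping which side gets the 16-bit exponent (`run_exchange(server_exp_bits=16)`) recovers the key just the same, which is the "either side" part of the argument; with 256-bit exponents on both sides the search finds nothing. Note that nothing about the host key was consulted in `recover_session_key`.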
The answer to the next burning question is that OpenSSH gets its random numbers (at least for Diffie-Hellman) from the OpenSSL libraries.