
Re: [SECURITY] [DSA 1571-1] vulnerability of past SSH/SSL sessions



* Simon Valiquette <v.simon@ieee.org> [2008-05-14 16:36-0400]:
>
> > Affected keys include SSH keys [...] and session keys used
> > in SSL/TLS connections.
>
>   It seems that people are insisting quite a lot on the bad keys, but
> what worries me a lot more is that, apparently and very logically, past ssh
> connections and any SSL session keys are to be considered compromised.
>
>   In other words, if a vulnerable key has been involved, and if someone
> was able to intercept and save the encrypted data, he/she can now
> decipher it, whether it is passwords, ssh sessions, secure pop/smtp
> sessions, ssl tunnels or even database transactions.  So you need to
> change every password at risk (bothersome, but relatively easy), but
> also consider that secure/confidential information, including credit card
> transactions or whatever, has been disclosed, which is a much bigger
> problem.

SSH traffic cannot be compromised that way. Basically the encryption key
used for the SSH session is *not* the host key nor the client key
itself, but it is created on session initiation using a Diffie-Hellman
key exchange and the host/client keys are just used to verify the
authenticity of the server. In other words, ssh sessions are not
compromised just because an adversary has the host keys (unless a MITM
is set up, in which case you need both the host key and the authentication
key to perform a mitm attack).

micah
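The separation micah describes, as an added toy model that is not code from this thread or from OpenSSH: the session key is derived from an ephemeral Diffie-Hellman exchange, and the host key only signs the exchange hash so the client can authenticate the server. The DH group (p = 2**127 - 1, generator 3) and the textbook RSA host key (primes 61 and 53) are constructed stand-ins for illustration only; real SSH uses RFC 3526 MODP groups or curve25519 and a full-size host key. Everything else (the transcript layout, the key-derivation hash) is a simplification, not the SSH wire format.

```python
import hashlib
import secrets

# Constructed toy parameters (added illustration; not OpenSSH code).
# p = 2**127 - 1 is prime, but this is NOT a safe DH group and the
# RSA modulus 3233 = 61 * 53 is a textbook toy standing in for a real
# host key. Only the structure of the exchange is meant to be realistic.
P = 2**127 - 1
G = 3
HOST_N, HOST_E, HOST_D = 3233, 17, 2753   # public (n, e), private d


def dh_keypair():
    """Fresh ephemeral exponent and public value, generated per session."""
    x = secrets.randbelow(P - 3) + 2          # 2 <= x <= P - 2
    return x, pow(G, x, P)


def exchange_hash(e_pub, f_pub, shared):
    """H = HASH(e || f || K): the value the host key signs in SSH."""
    return hashlib.sha256(
        e_pub.to_bytes(16, "big")
        + f_pub.to_bytes(16, "big")
        + shared.to_bytes(16, "big")
    ).digest()


def host_sign(h):
    """Server only: the host PRIVATE key signs the exchange hash."""
    m = int.from_bytes(h, "big") % HOST_N
    return pow(m, HOST_D, HOST_N)


def host_verify(h, sig):
    """Client: checks the signature with the host PUBLIC key."""
    return pow(sig, HOST_E, HOST_N) == int.from_bytes(h, "big") % HOST_N


def derive_key(shared, h):
    """Session encryption key from K and H (simplified SSH derivation).
    Note that the host key is not an input anywhere in this function."""
    return hashlib.sha256(shared.to_bytes(16, "big") + h + b"A" + h).digest()


def run_kex():
    """One key exchange. Returns (client_key, server_key, transcript),
    where transcript is what a passive observer could record on the wire."""
    x, e_pub = dh_keypair()                   # client ephemeral
    y, f_pub = dh_keypair()                   # server ephemeral
    k_server = pow(e_pub, y, P)
    h_server = exchange_hash(e_pub, f_pub, k_server)
    sig = host_sign(h_server)                 # the host key's only job
    # Client side: recompute K from f and its own x, then check the signature.
    k_client = pow(f_pub, x, P)
    h_client = exchange_hash(e_pub, f_pub, k_client)
    if not host_verify(h_client, sig):
        raise ValueError("host signature did not verify")
    # Only public values and the signature ever cross the wire; the
    # exponents x, y and the shared secret K stay local to each side.
    transcript = {"e": e_pub, "f": f_pub, "sig": sig}
    return derive_key(k_client, h_client), derive_key(k_server, h_server), transcript


def sessions_use_distinct_keys(n=3):
    """Same host key for n sessions: each session still gets its own key,
    because the ephemeral exponents are fresh every time."""
    keys = {run_kex()[0] for _ in range(n)}
    return len(keys) == n
```

The transcript returned by `run_kex` is all a recorded capture contains. Adding the host private key to it lets an observer verify (or forge) the signature, which is the MITM case micah mentions, but it does not supply `x`, `y` or `K`, and `derive_key` never reads the host key at all.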
