IETF-SSH archive


Re: draft minutes from meeting at ietf50..



On Mon, Apr 23, 2001 at 09:54:19AM +0900, Tom Holroyd wrote:
> On Sat, 21 Apr 2001, Markus Friedl wrote:
> 
> > On Sat, Apr 21, 2001 at 03:50:10PM +0900, Tom Holroyd wrote:
> > > On Fri, 20 Apr 2001, Niels Provos wrote:
> > >
> > > > An adversary can listen to SSH network traffic to determine the length
> > > > of authentication passwords typed during login and interactive shell
> > > > sessions [B].
> > >
> > > Of course SRP authentication fixes that...  The SRP shared secret can also
> > > be used to trigger a key-reexchange, which makes shorter DH parameters
> > > less of a problem.
> >
> > i don't see how SRP makes traffic analysis harder.
> >
> > could you please provide details.
> 
> The SRP password is never sent over the network, only some random bignums
> of known length, and some hashes, also of known length.  So even if you
> can observe traffic you can't get the length of the password/phrase.

this does not work for 'interactive shell sessions', e.g. if i
log in and type 'su'. the authentication used in the ssh connection
is not relevant.


