As far as I know, SSH2 first does a key exchange based on the server host key an
ID: 649422 • Letter: A
Question
As far as I know, SSH2 first does a key exchange based on the server host key and brings up transport authentication and encryption derived from this kex. The real authentication (password or public key) is done over this secure transport. If you set the cipher to 'none', you wouldn't want to allow password authentication because then the password would be sent in plaintext. But what about public key authentication? I believe pubkey auth works by the server sending a nonce to the client, the client signing it with its private key, and the server verifying the signature. How is the overall system weakened if this exchange happens in the clear? I can think of at least: known-plaintext (passively capture (nonce, Dk(nonce)) and try to derive k) chosen-ciphertext (intercept and replace the nonce, capture Dk(chosen)) Is RSA (specifically, the way it's used by the raw SSH public key authentication) vulnerable to either of these?Explanation / Answer
RSA algorithm uses a digital signature to ensure receiver and sender identify each other.
i beleive it is difficult to do a reverse engineering to find the private key of the sender and replace or use it to send a different message.
The RSA has a better chance of surviving attacks over the net.
The following is the reference material i have used for this. There is also one video at https://www.youtube.com/watch?v=t5lACDDoQTk that explains how difficult it is to crack the code.
hope that clears your doubts.
RSA was first described in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman of the Massachusetts Institute of Technology. Public-keycryptography, also known asasymmetric cryptography, uses two different but mathematically linkedkeys, one public and one private. The public key can be shared with everyone, whereas the private key must be kept secret. In RSA cryptography, both the public and the private keys can encrypt a message; the opposite key from the one used to encrypt a message is used to decrypt it. This attribute is one reason why RSA has become the most widely used asymmetric algorithm: It provides a method of assuring the confidentiality, integrity, authenticity and non-reputability of electronic communications and data storage.
Many protocols like SSH, OpenPGP, S/MIME, and SSL/TLS rely on RSA for encryption and digital signature functions. It is also used in software programs -- browsers are an obvious example, which need to establish a secure connection over an insecure network like the Internet or validate a digital signature. RSA signature verification is one of the most commonly performed operations in IT.
RSA derives its security from the difficulty of factoring large integers that are the product of two large prime numbers. Multiplying these two numbers is easy, but determining the original prime numbers from the total -- factoring -- is considered infeasible due to the time it would take even using today
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.