[SATLUG] OT: Router-related question

David Kowis dkowis at shlrm.org
Thu Feb 11 07:23:43 CST 2010

On 2/10/2010 8:39 PM, redpill wrote:
> I wouldn't say that SSH is insecure, it's not.  My point is that SSH or
> for that matter any form of encrypted communication is only as secure as
> the practices that surround their use.  SSH encryption can be cracked
> (http://www.youtube.com/watch?v=7CP-JB4QARo), SSL can be cracked
> (http://www.youtube.com/watch?v=7kQ_nTRt37c), and it's getting easier and
> easier to do so.
> I understand that stuff has to get done and these protocols will be used.
> What I am saying is that you should never think that just because you
> are using HTTPS or SSH you are secure.
> In the above scenario all someone would need to do is run a tcpdump (say
> tcpdump -nXSe -s 1545 -c 5000 -t port 443 -w somefilename) and scp the
> capfile out of the network.  Once the cap file is out of the network it
> can be analyzed and decrypted at the cracker's leisure.
> The point is you're never as secure as you think you are.

This is true, but one has to weigh the value and expiry of the data. For 
example, scping an excel spreadsheet at home with a shopping list on it 
isn't worth some l33t haxx0r's time. Crypto is a balance of security and 
expiry of the important data. This is why changing passwords is 
important, if not as important as once a month (as some companies 
believe it is.)

Note that the posted ssh cracking video isn't actually compromising the 
crypto, but logging in due to poor password selection.

And they're doing a MITM attack to compromise your ssl link. If you've 
got your ssh host keys identified, you should be able to counter this. 
They present a false certificate. So this is still not compromising the 
crypto, but compromising a foolish user.

If you can set up a verified secure connection, you should be in good 
shape, unless someone with a Cray 3 wants your mp3s you're scp'ing to 
work :)
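
Added example, not part of the original post: a sketch of the host-key check the reply relies on, comparing the key a server presents against the one pinned in known_hosts, so a substituted key shows up as a mismatch. The host name, the key blobs and all function names are constructed for illustration; hashed and @-marked known_hosts entries are skipped for brevity.

```python
import base64, hashlib, hmac, struct

def _blob(seed: bytes) -> str:
    """Constructed sample key (not a real host's): ssh-ed25519 wire format."""
    name, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(raw).decode()

def fingerprint(b64_blob: str) -> str:
    """Fingerprint in the form OpenSSH prints: 'SHA256:' + unpadded base64."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map (host, keytype) -> base64 key blob for plain known_hosts lines."""
    pinned = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments, @cert-authority/@revoked markers, hashed hosts.
        if not line or line.startswith(("#", "@", "|")):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, keytype, blob = fields[:3]
        for host in hosts.split(","):
            pinned[(host, keytype)] = blob
    return pinned

def check_host_key(pinned: dict, host: str, keytype: str, presented: str) -> str:
    """Return 'match', 'MISMATCH' (possible MITM) or 'unknown' (never pinned)."""
    known = pinned.get((host, keytype))
    if known is None:
        return "unknown"
    same = hmac.compare_digest(base64.b64decode(known), base64.b64decode(presented))
    return "match" if same else "MISMATCH"

# Constructed sample data: one pinned key and one key an interceptor might present.
PINNED_KEY = _blob(b"genuine server")
IMPOSTER_KEY = _blob(b"man in the middle")
KNOWN_HOSTS = f"# constructed sample\ngateway.example.org,192.0.2.10 ssh-ed25519 {PINNED_KEY}\n"
PINNED = parse_known_hosts(KNOWN_HOSTS)

if __name__ == "__main__":
    for label, key in (("genuine", PINNED_KEY), ("imposter", IMPOSTER_KEY)):
        result = check_host_key(PINNED, "gateway.example.org", "ssh-ed25519", key)
        print(label, fingerprint(key), result)
```

A "MISMATCH" here corresponds to the host-key-changed warning an SSH client raises; "unknown" is the first-connection case, where the fingerprint has to be confirmed through some other channel before it is trusted.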


