Penetration Testing: RE: How to decrypt a connection SSH v2?

From: Paul Melson <pmelson_at_gmail.com>
Date: Thu, 10 Jul 2008 12:55:42 -0400

> I assume if the attacker has the public and private keys from not just
> one, but both ends, that PFS is not an obstacle.

Let's start with, Disclaimer: I am not a cryptographer. Someone smarter may
later contradict what I say here. You're probably wise to listen to them.

It's my understanding that even if you have both endpoints' public and
private key pairs, that's not enough to recreate the ephemeral keys used
during a particular session. Without those keys, the packet capture cannot
be decrypted.

I believe the bar you must get over to decrypt an SSH session on the network
is to be attached to the client or server process with a debugger during the
session.

PaulM
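
A toy model of the point made in the message above, added here as an illustration and not part of the original post: the session key comes only from per-session ephemeral secrets, while the long-term key merely authenticates the exchange. The group parameters `P` and `G`, the HMAC used as a stand-in for the host-key signature, and all function names are assumptions; real SSH uses much larger groups and a real public-key signature.

```python
# Added illustration (not from the original post): toy Diffie-Hellman key
# exchange modelled loosely on SSH-2. All names and parameters are assumptions.
import hashlib
import hmac
import secrets

P = 2**127 - 1  # toy prime modulus; real SSH groups are far larger
G = 3           # toy generator

def _b(n):
    return n.to_bytes(16, "big")  # every value here is < 2**127

def _session_key(e, f, k):
    h = hashlib.sha256(_b(e) + _b(f) + _b(k)).digest()      # exchange hash
    return h, hashlib.sha256(_b(k) + h + b"enc").digest()   # derived session key

def run_session(host_key):
    """One key exchange; returns (capture, session_key, client_secret_x)."""
    x = secrets.randbelow(P - 3) + 2   # client ephemeral secret, never transmitted
    y = secrets.randbelow(P - 3) + 2   # server ephemeral secret, never transmitted
    e, f = pow(G, x, P), pow(G, y, P)  # public values, visible on the wire
    k = pow(f, x, P)                   # client side of the shared secret
    if k != pow(e, y, P):              # server side must agree
        raise RuntimeError("key agreement failed")
    h, session_key = _session_key(e, f, k)
    # Stand-in for the host-key signature: the long-term key only
    # authenticates the exchange hash, it never feeds the session key.
    sig = hmac.new(host_key, h, hashlib.sha256).digest()
    return {"e": e, "f": f, "sig": sig}, session_key, x

def key_from_ephemeral(capture, x):
    """Recompute the session key from the capture plus the ephemeral secret x.
    Note that the long-term host key is not an input at all."""
    k = pow(capture["f"], x, P)
    return _session_key(capture["e"], capture["f"], k)[1]

if __name__ == "__main__":
    host_key = b"constructed-long-term-key"   # constructed sample value
    cap1, key1, x1 = run_session(host_key)
    cap2, key2, x2 = run_session(host_key)
    print("same host key, different session keys:", key1 != key2)
    print("key recovered from ephemeral secret:", key_from_ephemeral(cap1, x1) == key1)
```
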

Received on Jul 10 2008
