> But I have all session sniffed.(tcpdump)
> No only private and public keys.
> Can I decrypt the session?

I'm not familiar with the specifics of SSH's session key negotiation,
but if Paul is right and something like Diffie-Hellman key exchange is
used, then even with a full session capture and private keys, you still
don't have a way of getting past that DH key exchange in an offline
attack (in your lifetime, probably).

However, if you have one of the private keys and you can conduct a
man-in-the-middle attack on the session, you can also man-in-the-middle
the DH key exchange in real time to get what you're after. You just
can't do it offline after the fact.

For more info, see: http://en.wikipedia.org/wiki/Diffie-Hellman

Good luck,
tim
Received on Jul 10 2008
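
An added example (not part of the original post) of the point made in the reply above: in a Diffie-Hellman exchange the session key is derived from ephemeral secrets that never appear in the capture, while the host key only signs the public values. The modulus, generator, toy textbook-RSA host keys and all function names are assumptions for illustration, not SSH's actual parameters or wire format.

```python
import hashlib
import secrets

# Toy parameters (assumptions for illustration, not the groups or key sizes SSH uses).
P = 2**521 - 1            # Mersenne prime used as the DH modulus
G = 3
RSA_E = 65537

def make_host_key(p, q):
    """Toy textbook-RSA host key built from two primes: returns (n, d)."""
    return p * q, pow(RSA_E, -1, (p - 1) * (q - 1))

def digest(n, *values):
    """Hash the exchanged public values down to an integer below n."""
    h = hashlib.sha256("|".join(map(str, values)).encode()).digest()
    return int.from_bytes(h, "big") % n

def sign(host_key, *values):
    n, d = host_key
    return pow(digest(n, *values), d, n)

def verify(n, sig, *values):
    return pow(sig, RSA_E, n) == digest(n, *values)

def exchange(host_key, x=None, y=None):
    """One key exchange. x and y are ephemeral secrets and never enter the capture."""
    x = x or secrets.randbelow(P - 2) + 1      # client ephemeral secret
    y = y or secrets.randbelow(P - 2) + 1      # server ephemeral secret
    A, B = pow(G, x, P), pow(G, y, P)          # public values, visible in a tcpdump
    capture = {"A": A, "B": B, "n": host_key[0], "sig": sign(host_key, A, B)}
    k_client = hashlib.sha256(str(pow(B, x, P)).encode()).hexdigest()
    k_server = hashlib.sha256(str(pow(A, y, P)).encode()).hexdigest()
    return capture, k_client, k_server

# Constructed sample host keys (toy sizes).
HOST_KEY_1 = make_host_key(2**61 - 1, 2**89 - 1)
HOST_KEY_2 = make_host_key(2**89 - 1, 2**107 - 1)

if __name__ == "__main__":
    cap, kc, ks = exchange(HOST_KEY_1)
    print("both ends agree:", kc == ks)
    print("host signature binds A and B:", verify(cap["n"], cap["sig"], cap["A"], cap["B"]))
    print("altered B is detected:", not verify(cap["n"], cap["sig"], cap["A"], cap["B"] + 1))
```

The host key never feeds into the session key, which is why a capture plus the private key is not enough offline; its role is to let the client detect a substituted public value, so a host key that may have leaked should be rotated.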