OLEGSHA – WindowsTechs.com

Consequences of .ssh/authorized_keys being world-readable

Posted on October 3, 2023 by OLEGSHA

OpenSSH sshd enforces mode 0600 for authorized_keys when StrictMode is enabled. How is mode 0644 more vulnerable?

Continue reading Consequences of .ssh/authorized_keys being world-readable→

Why is salt+nonce authentication over insecure channel vulnerable to man-in-the-middle attack?

Posted on December 16, 2017 by OLEGSHA

In a network connection over an insecure channel I do the following:

Server sends database salt and a nonce to the client;
Client computes and sends hash(hash(pwd + salt) + nonce);
Server computes hash(db_pwd_hash + nonce) and compares it… Continue reading Why is salt+nonce authentication over insecure channel vulnerable to man-in-the-middle attack?→