Collaborate Disseminate
I have an open-ended project for a class and I picked to make a tool/use existing tools and applications to exploit the Diffie-Hellman key exchange to be able to inject, modify and delete messages that are transferred over an… Continue reading How to perform a MITM attack on SSH exploiting the Diffie Hellman key exchange
This question already has an answer here:
I try to understand where the signature is used in TLS 1.2.
The ciphersuite of google.com is TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. However, if I look at the certificate, I can find an ECDSA key but the signature algorithm is RSA. So I’m wondering what is the purpose of ECDSA ?
I know that ECDHE parameters are sent in a separate TLS message. ECDSA is perhaps used to sign these parameters with ECDSA ?
Also, can you confirm that if TLS_ECDH_ECDSA_WITH_xxx is used, ECDH parameters are not in the certificate but in a separate message right ?
Continue reading Why RSA is used in TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ciphersuite [duplicate]
I am writing code for an SSH server and can not get past the Elliptic Curve Diffie-Hellman Key Exchange Reply part of the connection. The client also closes the connection and says “Host Key does not match the signature supp… Continue reading computing the exchange hash for ecdsa-sha2-nistp256
As I was looking over Tor specifications and I noticed that when a circuit is generated then on each circuit’s node a Diffie-Hellman key exchange is being done over an encrypted path on each Node as the image shows bellow:
In other words:… Continue reading Tor: Is a Diffie-Hellman key exchange being done over recipient of traffic?
I ssh to my AWS instances via WinSCP and it has public-private key authentication, password authentication is disabled. All the sessions are saved on WinSCP, so I click on the IP of the machine and I get logged straight in wi… Continue reading How secure is using Saving Session Feature on WinSCP?
Given an insecure channel, what are the pros and cons of using Diffie Hellman to generate a symmetric shared key and then send encrypted data with this key, or simply use Shamir’s three-pass protocol with symmetric ciphers fo… Continue reading Pros and cons of Diffie Hellman vs Three Pass Exchange
According to the second draft of the TLS 1.3 specification, custom DH groups have been deprecated. As we all know, hardcoded DH groups are vulnerable to a precomputation attack that allows retroactive decryption. Since TLS 1.3 doesn’t depr… Continue reading Why does TLS 1.3 deprecate custom DHE groups?
So there is a Node.js package openpgp which is available for signing documents with GPG, but it requires public/secret key. We all know putting key right into the file is dangerous and not recommend under production and usual… Continue reading Is it safe to retrieve GnuPG public/secret key with fs in Node.js?
I’d like to know how to implement forward secrecy using GnuPG, and I presume I need some kind of authenticated key exchange. Assuming that I have the following working already:
Alice and Bob have both generated their own regular asymmet… Continue reading Forward secrecy with GnuPG
I read somewhere that when using key based login instead of a password based login, it is not possible for a Man-in-the-Middle attack to happen.
This question is not about what is being more secure: key based login or password based login… Continue reading SSH key based login is not vulenerable to MiTM attack. Is it true?