maemo.org - Talk - View Single Post

dick-richardson	2009-12-03 , 01:30
Posts: 174 \| Thanked: 71 times \| Joined on Aug 2007	#23

Originally Posted by davost

Granted, ssh is very useful, I use it a lot. But I only have it enabled when and where I really need it. As a matter of fact you are not really safe. Just consider TLS. The foundation of almost all web security. That was considered safe until the renogatiation weakness was discovered not many months ago.

The renegotiation exploit doesn't give a man in the middle your private key and has absolutely NO impact on the security of ssh in this context.

The renegotiation exploit allows a man in the middle to establish their own valid ssl connection (NOT ssh) to a server that accepts public requests, and then forward your new attempt as a renegotiation.

Quote & Reply |

The Following User Says Thank You to dick-richardson For This Useful Post:
Wikiwide