How SSH works:

1. The first time a user A on machine M1 connects to machine M2, M1 obtains the public key of M2 (1024 bits typically); M2's SSH software generates the public key for M2;
2. The SSH client software generates a random session key (the random generation algorithm matters), and sends it to the host;
3. The session key is then used to encrypt all subsequent messages, using either DES, triple DES, or anything else;

Vulnerable to a "Man in the Middle" attack at the very first logon;

------------------------------------------------------------------------------

How SSL works:

1. Client (the browser) sends a Hello message, including a random number (28 bytes);
2. Server responds with a Hello message, also including another random number (28 bytes);
3. Server sends its public key, with Verisign's signature;
4. (Optional) client also sends the server its public key;
5. Browser picks a random key (called the pre-master secret, it is 48 bytes), and sends it to the server (encrypted with the server's public key);

   The problem with this step is that it doesn't have "forward secrecy". So this step can be replaced with Diffie-Hellman. Client picks g^a mod p, sends it to the server; server picks g^b mod p, signs it with its secret key, and sends it to the client; the pre-master secret is g^ab mod p; This way, even if the server is broken into, the attacker can't find g^ab mod p;

   Also, for Diffie-Hellman, a and b must be over 160 bits, because there exists an algorithm that can calculate the discrete log of a k-bit exponent in about 2^(k/2) steps;
6. From the random key, both calculate F(CR, SR, Pre-Master), and get a master secret;

   "master_secret =
        MD5(pre_master_secret + SHA('A' + pre_master_secret +
            ClientHello.random + ServerHello.random)) +
        MD5(pre_master_secret + SHA('BB' + pre_master_secret +
            ClientHello.random + ServerHello.random)) +
        MD5(pre_master_secret + SHA('CCC' + pre_master_secret +
            ClientHello.random + ServerHello.random));"
7. Master secret is 48 bytes, hashed into a sequence of secure bytes, which are then assigned to the MAC key, session key, and the initialization vector;

   "CipherSpecs require a client write MAC secret, a server write MAC secret, a client write key, a server write key, a client write IV, and a server write IV, which are generated from the master secret in that order."

   "key_block =
        MD5(master_secret + SHA('A' + master_secret +
            ServerHello.random + ClientHello.random)) +
        MD5(master_secret + SHA('BB' + master_secret +
            ServerHello.random + ClientHello.random)) +
        MD5(master_secret + SHA('CCC' + master_secret +
            ServerHello.random + ClientHello.random)) + [...];"

   "client_write_MAC_secret[CipherSpec.hash_size]
    server_write_MAC_secret[CipherSpec.hash_size]
    client_write_key[CipherSpec.key_material]
    server_write_key[CipherSpec.key_material]
    client_write_IV[CipherSpec.IV_size] /* non-export ciphers */
    server_write_IV[CipherSpec.IV_size] /* non-export ciphers */"

   Remember what IVs, session keys and MAC secrets are used for?...

----------------------------------------------------------------------------

. Authentication must include session key exchange;

----------------------------------------------------------------------------

Passwords:

. One time pads;
. S-key:
  1. Host picks a random number, hashes it 1000 times;
  2. Host gives the random number to the user; this happens at account-assignment time;
  3. The nth time that the user logs on, it sends in the (1000-n)'th hash of the random number;
  4. Server remembers which time the user has logged on;

  Advantage: even if the server is broken into, the attacker cannot pose as the user to log on, because it is a one-way hash function;
  Disadvantage: limited number of logons;
. SecurID: a shared secret between users and the host, rehashed every minute; requires clock synchronization between the two; server maintains a clock number for each card; maximum drift in clock value;

----------------------------------------------------------------------------

PGP by Phil Zimmermann (pgpi.com):

. Used to use RSA, but now uses Diffie-Hellman;
. When a message is sent, put in g^b mod p, and encrypt the message with g^ab mod p;

----------------------------------------------------------------------------
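
Added example (not part of the original notes): steps 6 and 7 of "How SSL works" carried out in Python, including the "[...]" continuation of key_block with labels 'DDDD', 'EEEEE', and so on. The function names, the sample inputs and the cipher sizes (20-byte MAC secret, 24-byte key, 8-byte IV) are assumptions chosen for illustration.

```python
import hashlib

def ssl3_expand(secret: bytes, seed: bytes, n_bytes: int) -> bytes:
    """Concatenate MD5(secret + SHA(label + secret + seed)) blocks.

    The i-th label is the i-th letter repeated i times: 'A', 'BB', 'CCC', ...
    """
    out = b""
    i = 0
    while len(out) < n_bytes:
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()  # 16 bytes per block
        i += 1
    return out[:n_bytes]

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Step 6: client random comes first; three MD5 blocks give 48 bytes.
    return ssl3_expand(pre_master, client_random + server_random, 48)

def key_block(master: bytes, client_random: bytes, server_random: bytes,
              hash_size: int, key_material: int, iv_size: int) -> dict:
    # Step 7: note the swapped order, server random comes first here.
    layout = [
        ("client_write_MAC_secret", hash_size),
        ("server_write_MAC_secret", hash_size),
        ("client_write_key", key_material),
        ("server_write_key", key_material),
        ("client_write_IV", iv_size),
        ("server_write_IV", iv_size),
    ]
    total = sum(size for _, size in layout)
    block = ssl3_expand(master, server_random + client_random, total)
    keys, offset = {}, 0
    for name, size in layout:  # slice the block in the order the spec lists
        keys[name] = block[offset:offset + size]
        offset += size
    return keys

if __name__ == "__main__":
    # Constructed sample values, not taken from a real handshake.
    pre = bytes(range(48))
    cr, sr = b"\x01" * 32, b"\x02" * 32
    ms = master_secret(pre, cr, sr)
    for name, value in key_block(ms, cr, sr, 20, 24, 8).items():
        print(f"{name:24s} {len(value):2d} bytes  {value.hex()}")
```

With these sizes the key block needs 104 bytes, so seven MD5 blocks are generated and the last eight bytes are discarded.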