Re: [Hampshire] Ssh/sftp/scp vulnerability

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MHugo Mills at <-
M 
Author: The Holy ettlz
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Ssh/sftp/scp vulnerability

Reply to this message
gpg: failed to create temporary file '/var/lib/lurker/.#lk0x5744d100.hantslug.org.uk.9656': Permission denied
gpg: keyblock resource '/var/lib/lurker/pubring.gpg': Permission denied
gpg: Signature made Thu Apr 10 19:36:40 2008 BST
gpg: using DSA key 2FF22CF403F94B5D
gpg: Can't check signature: No public key
> On Thu, Apr 10, 2008 at 03:39:25PM +0100, The Holy ettlz wrote:
> > >    From distant memory, DH key exchange also manages to have some
> > > protection against man-in-the-middle attacks (but I could be wrong
> > > about that -- my crypto books are at home).

> >
> > I think is because DH can also be used for digital signatures (e.g.,
> > compute message hash, sender *DE*crypts that using their private key,
> > receiver uses sender's public key to encrypt this and check the hash).
>
> That doesn't make sense in the context of D-H. I think you are
> confusing it with RSA where decryption and signing are the same
> mathematical operation.

Thanks for clearing that up [...reads Wikipedia...]

James 

-- 
The Holy ettlz                              TheHolyettlz@???
PGP key ID: 03F94B5D
-----------------------------------------------------------------------

This message was posted to the following mailing lists:
Hampshire LUG
Mailing List Info | Nearby Messages		<-Re: [Hampshire] Ssh/sftp/scp vulnerability[Hampshire] Re: [Surrey] Looking forwards->
Hampshire LUG Mailing List Archive administrated by WebmasterLurker (version 2.3)