Jump to content

ssh symmetric encryption

johnyb98
By johnyb98
in Networking
 Share
Posted

Hi dear members.

Please, a question on ssh symmetric encryption.

 

Spoiler

Symmetric keys are used to encrypt the entire communication during a SSH Session. Both the client and the server derive the secret key using an agreed method, and the resultant key is never disclosed to any third party. The process of creating a symmetric key is carried out by a key exchange algorithm. What makes this algorithm particularly secure is the fact that the key is never transmitted between the client and the host. Instead, the two computers share public pieces of data and then manipulate it to independently calculate the secret key. Even if another machine captures the publically shared data, it won’t be able to calculate the key because the key exchange algorithm is not known.

 

It says that "Even if another machine captures the publically shared data, it won’t be able to calculate the key because the key exchange algorithm is not known."

 

My question:

 

If it is possible the sniffer to capture the shared data, the same way would be able to capture the encryption cipher. Of course, encryption cypher is determined before connections takes place. But, the same way shared data is transmitted via just a simple wire (internet), the same way encryption cypher agreement will be transmitted via this wire, too. There is no other way. Even if connection has not yet been established, the two sides try to agree in the key exchange algorithm. So, if I am not wrong, sniffer has both public shared data, encryption cypher, so he/she can create symmetric key, and decrypt stolen data packets.

 

Am I wrong somewhere?

 

Thank you !

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
4 hours ago, johnyb98 said:

Hi dear members.

Please, a question on ssh symmetric encryption.

 

  Hide contents

Symmetric keys are used to encrypt the entire communication during a SSH Session. Both the client and the server derive the secret key using an agreed method, and the resultant key is never disclosed to any third party. The process of creating a symmetric key is carried out by a key exchange algorithm. What makes this algorithm particularly secure is the fact that the key is never transmitted between the client and the host. Instead, the two computers share public pieces of data and then manipulate it to independently calculate the secret key. Even if another machine captures the publically shared data, it won’t be able to calculate the key because the key exchange algorithm is not known.

 

It says that "Even if another machine captures the publically shared data, it won’t be able to calculate the key because the key exchange algorithm is not known."

 

My question:

 

If it is possible the sniffer to capture the shared data, the same way would be able to capture the encryption cipher. Of course, encryption cypher is determined before connections takes place. But, the same way shared data is transmitted via just a simple wire (internet), the same way encryption cypher agreement will be transmitted via this wire, too. There is no other way. Even if connection has not yet been established, the two sides try to agree in the key exchange algorithm. So, if I am not wrong, sniffer has both public shared data, encryption cypher, so he/she can create symmetric key, and decrypt stolen data packets.

 

Am I wrong somewhere?

 

Thank you !

Well, In theory yeah I don’t see why it couldn’t be possible but there is probably something done to prevent this like changing the algorithm after the connection is established, using one algorithm to connect and using another to send the actual data.

but I am not an expert

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Networking

×