Account name plain or encrypted? - SSH

This is a discussion on Account name plain or encrypted? - SSH ; Hi, I'm just wondering: Is the account name used for login already part of the encryption or not? Thanks in advance! Tobias...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Account name plain or encrypted?

  1. Account name plain or encrypted?

    Hi,

    I'm just wondering: Is the account name used for login already part of
    the encryption or not?

    Thanks in advance!
    Tobias

  2. Re: Account name plain or encrypted?

    Tobias Nissen wrote:
    > I'm just wondering: Is the account name used for login already part of
    > the encryption or not?


    Yes. Encryption has already begun by the time the account name is
    sent over the wire.

    (This is a good thing, and formed one of the killer arguments in the
    question of whether SRP, should it ever be seriously adopted in SSH,
    should be implemented as an alternative userauth phase or as an
    alternative kex phase. The other killer argument - which,
    fortunately, argues in the same direction - is that the SRP shared
    secret can be used to retrospectively validate the ordinary host
    key, meaning that after you complete a successful SRP authentication
    with a server you can then trust its host key for other forms of
    authentication.)
    --
    Simon Tatham "The voices in my head are trying to ignore me.
    But if I keep talking, I can drive them insane."

  3. Re: Account name plain or encrypted?

    Tobias Nissen wrote:
    > Hi,
    >
    > I'm just wondering: Is the account name used for login already part of
    > the encryption or not?
    >
    > Thanks in advance!
    > Tobias


    The hosts exchange information about their *public* hostkeys, and verify it
    with their private keys in a fascinating sort of way, and with that
    information encrypt everything else. I'd have to trace the flow of data to see
    if the public keys are exchanged in a private way, but certainly the data is
    signed with the private key in that exchange to verify that it's the same
    server using the same private keys in the future.

+ Reply to Thread