question on cryptography - NRPE and Man in the middle attacks

Tharanga tharanga at roomsnet.com
Fri Sep 28 09:39:35 CEST 2007

Previous message: nagios 3.0b3 ochp problem
Next message: question on cryptography - NRPE and Man in the middle attacks
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dear Friends,

I have a small confusion about NRPE security. NRPE is using anon-dh for key
exchange and server or client will not authenticate. so any one in the
middle can attack the protocol. Man in the middle attack is possible.

Actually how it prevent in  NRPE implementation. SHA0 also a compromised
one..(sorry iam newbie to this NRPE dvelopment).

Acording to the docuemnt its using ANON-DH without using pre-genereated
public - private key. but actually how the AES, SHA  - ANON-DH works on the
protocol.

My idea is (correct me if iam wrong )

First use AES for a shared secret key (symmetric key)  and then it will
hash  using secure hasing algorithm (has vlaue is created for the data
stream) . (assume no near collisions ?? )  and Anon-dh is only used for SSL
handhake state to agree on a common value. (provides security at  TCP
layer).

if a intruder attck the NRPE protocol , but it cant read/modify the data
(due to AES) ??

so..basic key exchange is done via AES and this is not breakable ?? is it ??

can some one answer to this please ??

Thanks,
Tharanga


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

Previous message: nagios 3.0b3 ochp problem
Next message: question on cryptography - NRPE and Man in the middle attacks
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Developers mailing list