Also if the underlying cryptography isn't forward-secure, anyone with the privat... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		schoen on Feb 17, 2015 \| parent \| context \| favorite \| on: Duplicate SSH Keys Everywhere Also if the underlying cryptography isn't forward-secure, anyone with the private key can go back and read your recorded SSH sessions, including any kind of secrets that you typed into them (or files that you downloaded with scp or rsync). I don't know under what conditions SSH uses or doesn't use forward-secure key exchange methods.

yuriks on Feb 18, 2015 [–]

SSH always (to the extent of my knowledge) uses Diffie–Hellman to generate session keys, and regenerates them at periodic intervals, and so always has forward-secrecy. This only affects the ability to MITM new connections.

schoen on Feb 18, 2015 | [–]

That is great, thank you for the information.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact