SSH Encryption: Difference between revisions
| Line 6: | Line 6: | ||
To understand how communications are encrypted in SSH we first need to understand some basic terms and concepts. The difference between asymmetric and symmetric cryptography is a good place to start. | To understand how communications are encrypted in SSH we first need to understand some basic terms and concepts. The difference between asymmetric and symmetric cryptography is a good place to start. | ||
===Symmetric vs Asymmetric=== | ===Symmetric vs Asymmetric=== | ||
Symmetric cryptography is something probably most people are and have been familiar since their youth. An example: The alphabet has 26 characters and we assign each position a number (a='1', b='2' etc.), then we proceed to "shift" or "rotate" each character for n steps down this sequence. If we take n=1 for example, so that each letter gets "bumped up" one value and effectively taking the place of the character that was there before. This gives: z='1', a='2', b='3' etc). This algorithm is called ROTn where n would be the number of steps to rotate the characters and simultaneously both the key to encrypt and to decrypt the message (hence the name 'symmetric'). An example message would be "Hello World", which we would encrypt with ROT13 to "Uryyb Jbeyq" and could decrypt with the same key back to "Hello World". Just as many people have experimented with this algorithm to encrypt messages during childhood, almost all people discover quite quickly how easy it is to break such encryption. Of course many more complicated versions exist <ref>[https://www.math.cornell.edu/~mec/2003-2004/cryptography/polyalpha/polyalpha.html] Polyalphabetic Ciphers and how to crack them</ref> which are not as easily solved by hand but suffer the same underlying weaknesses as this simplified algorithm does and can get cracked quite easily with modern computing power using methods like frequency analysis.<ref>[https://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma#World_War_II] Famous cracking of the Nazi Enigma Code using repeated stereotypical messages</ref> The stress here is on keeping the key a secret, available only to the trusted parties and this is where the distinction with asymmetrical cryptography comes into play. | Symmetric cryptography is something probably most people are and have been familiar since their youth. An example: The alphabet has 26 characters and we assign each position a number (a='1', b='2' etc.), then we proceed to "shift" or "rotate" each character for n steps down this sequence. If we take n=1 for example, so that each letter gets "bumped up" one value and effectively taking the place of the character that was there before. This gives: z='1', a='2', b='3' etc). This algorithm is called ROTn where n would be the number of steps to rotate the characters and simultaneously both the key to encrypt and to decrypt the message (hence the name 'symmetric'). An example message would be "Hello World", which we would encrypt with ROT13 to "Uryyb Jbeyq" and could decrypt with the same key back to "Hello World". Just as many people have experimented with this algorithm to encrypt messages during childhood, almost all people discover quite quickly how easy it is to break such encryption. Of course many more complicated versions exist <ref>[https://www.math.cornell.edu/~mec/2003-2004/cryptography/polyalpha/polyalpha.html] Polyalphabetic Ciphers and how to crack them, Retrieved 22.02.2017</ref> which are not as easily solved by hand but suffer the same underlying weaknesses as this simplified algorithm does and can get cracked quite easily with modern computing power using methods like frequency analysis.<ref>[https://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma#World_War_II] Famous cracking of the Nazi Enigma Code using repeated stereotypical messages, Retrieved 22.02.2017</ref> The stress here is on keeping the key a secret, available only to the trusted parties and this is where the distinction with asymmetrical cryptography comes into play. | ||
Asymmetric cryptography, using different keys to encrypt and decrypt, still works very similarly to what we have discussed before. There is an encryption algorithm available which "jumbles" up the message depending on the specific key that is provided (this will be known as the "public key" from now on) but where it differs is the decryption. Technically speaking the public key used to encrypt still contains all the information needed to decrypt the message but this information is obfuscated by complexity and a modern computer's inability to retrieve this information in a acceptable amount of time. The other key in the pair (known as the "private key" from now on) is created alongside with the public key and allows for quick decryption of the message. This difference in decryption speed allows for safe sharing of public keys so that anyone wanting to send private data can encrypt it easily but only the holder of the private key can decrypt easily. | Asymmetric cryptography, using different keys to encrypt and decrypt, still works very similarly to what we have discussed before. There is an encryption algorithm available which "jumbles" up the message depending on the specific key that is provided (this will be known as the "public key" from now on) but where it differs is the decryption. Technically speaking the public key used to encrypt still contains all the information needed to decrypt the message but this information is obfuscated by complexity and a modern computer's inability to retrieve this information in a acceptable amount of time. The other key in the pair (known as the "private key" from now on) is created alongside with the public key and allows for quick decryption of the message. This difference in decryption speed allows for safe sharing of public keys so that anyone wanting to send private data can encrypt it easily but only the holder of the private key can decrypt easily. | ||
Revision as of 13:22, 22 February 2017
Secure Shell (SSH) is a cryptographic network protocol meant to secure communications over an insecure connection between network devices. One of the ways SSH does this is by using a hybrid approach between asymmetric public/private key- and symmetric cryptography. SSH is most commonly used as a means for secure remote login and command execution, often in the context of a client-server interaction, but is also often used for authentication and in file transfers protocols (SFTP / SCP).
This article will discuss and explore, among other things, the possible ways of creating SSH-keys, the underlying methods of encryption and some general best practices concerning interactions with servers and ssh key management. It is therefore complementary to the article: "SSH for beginners"
Introduction
To understand how communications are encrypted in SSH we first need to understand some basic terms and concepts. The difference between asymmetric and symmetric cryptography is a good place to start.
Symmetric vs Asymmetric
Symmetric cryptography is something probably most people are and have been familiar since their youth. An example: The alphabet has 26 characters and we assign each position a number (a='1', b='2' etc.), then we proceed to "shift" or "rotate" each character for n steps down this sequence. If we take n=1 for example, so that each letter gets "bumped up" one value and effectively taking the place of the character that was there before. This gives: z='1', a='2', b='3' etc). This algorithm is called ROTn where n would be the number of steps to rotate the characters and simultaneously both the key to encrypt and to decrypt the message (hence the name 'symmetric'). An example message would be "Hello World", which we would encrypt with ROT13 to "Uryyb Jbeyq" and could decrypt with the same key back to "Hello World". Just as many people have experimented with this algorithm to encrypt messages during childhood, almost all people discover quite quickly how easy it is to break such encryption. Of course many more complicated versions exist [1] which are not as easily solved by hand but suffer the same underlying weaknesses as this simplified algorithm does and can get cracked quite easily with modern computing power using methods like frequency analysis.[2] The stress here is on keeping the key a secret, available only to the trusted parties and this is where the distinction with asymmetrical cryptography comes into play.
Asymmetric cryptography, using different keys to encrypt and decrypt, still works very similarly to what we have discussed before. There is an encryption algorithm available which "jumbles" up the message depending on the specific key that is provided (this will be known as the "public key" from now on) but where it differs is the decryption. Technically speaking the public key used to encrypt still contains all the information needed to decrypt the message but this information is obfuscated by complexity and a modern computer's inability to retrieve this information in a acceptable amount of time. The other key in the pair (known as the "private key" from now on) is created alongside with the public key and allows for quick decryption of the message. This difference in decryption speed allows for safe sharing of public keys so that anyone wanting to send private data can encrypt it easily but only the holder of the private key can decrypt easily.
RSA vs EdDSA
Server Side
See Also
References
External Links
Other Details
Author: Frank Korving
Last Modified: 21.02.2017
