Re: [Hampshire] Ssh/sftp/scp vulnerability

Author: Hugo Mills
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Ssh/sftp/scp vulnerability

gpg: Signature made Thu Apr 10 18:35:17 2008 BST
gpg: using DSA key 20ACB3BE515C238D
On Thu, Apr 10, 2008 at 06:03:32PM +0100, Andrew McDonald wrote:
> On Thu, Apr 10, 2008 at 03:31:44PM +0100, Hugo Mills wrote:
> >    If I recall correctly, ssh uses Diffie-Hellman key exchange by
> > default. This is a cryptographic protocol based on the same
> > mathematics used by RSA. It allows two people who have never met to
> > exchange keys in a way that prevents anyone else from finding those
> > keys.
>
> D-H relies on the discrete logarithm problem, RSA depends on the
> problem of factoring large numbers[*].


Sorry for the error. I was working entirely from memory of a
long-ago textbook.

> >    From distant memory, DH key exchange also manages to have some
> > protection against man-in-the-middle attacks (but I could be wrong
> > about that -- my crypto books are at home).
>
> D-H doesn't provide any protection against an active man in the middle.
> (That's why D&H had their 'public file' concept for publishing public
> keys, which was then developed into the idea of certificates.)


Ah, OK. Thanks for the clarification. This is, therefore, one of
the reasons why ssh does the check for the remote system's identity...

> [*] Not "factoring large prime numbers" as often misquoted. That's
> easy. :-)


:)

Hugo.

-- 
=== Hugo Mills: hugo@... carfax.org.uk | darksatanic.net | lug.org.uk ===
  PGP key: 515C238D from wwwkeys.eu.pgp.net or http://www.carfax.org.uk
         --- If you're not part of the solution, you're part ---         
                           of the precipitate.
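
The point settled in this exchange, that plain D-H needs a separate identity check, as an added sketch (not part of the original message, and not OpenSSH's code): the server signs a hash covering both D-H values and the shared secret, and the client verifies it against a host key it already holds. The toy group, the textbook-RSA stand-in for a host key, the simplified hash input and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
P, G = 2**127 - 1, 3                       # DH modulus (a Mersenne prime) and base

def dh_keypair():
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def make_host_key(p, q, e=65537):
    # Textbook RSA standing in for an ssh host key: returns (public, private).
    return (p * q, e), pow(e, -1, (p - 1) * (q - 1))

def exchange_hash(client_pub, server_pub, shared, n):
    data = f"{client_pub}|{server_pub}|{shared}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def server_reply(client_pub, host_pub, host_priv):
    # Server side: finish D-H, then sign a hash that covers the whole exchange.
    b, server_pub = dh_keypair()
    n = host_pub[0]
    h = exchange_hash(client_pub, server_pub, pow(client_pub, b, P), n)
    return server_pub, host_pub, pow(h, host_priv, n)

def client_accepts(a, client_pub, reply, pinned_host_pub):
    server_pub, offered_host_pub, sig = reply
    if offered_host_pub != pinned_host_pub:      # known_hosts-style identity check
        return False
    n, e = pinned_host_pub
    h = exchange_hash(client_pub, server_pub, pow(server_pub, a, P), n)
    return pow(sig, e, n) == h                   # signature binds key to this exchange

def run_demo():
    host_pub, host_priv = make_host_key(2**61 - 1, 2**89 - 1)
    other_pub, other_priv = make_host_key(2**61 - 1, 2**107 - 1)  # not pinned
    a, client_pub = dh_keypair()
    honest = server_reply(client_pub, host_pub, host_priv)
    # D-H value replaced in transit, genuine host key and signature relayed as-is.
    swapped = (dh_keypair()[1], honest[1], honest[2])
    # Reply produced by a party holding a different host key.
    unknown = server_reply(client_pub, other_pub, other_priv)
    return {
        "honest": client_accepts(a, client_pub, honest, host_pub),
        "swapped_dh_value": client_accepts(a, client_pub, swapped, host_pub),
        "unpinned_host_key": client_accepts(a, client_pub, unknown, host_pub),
    }

if __name__ == "__main__":
    print(run_demo())
```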