How does SSH (Secure Shell) work?

MadRat

I understand that there is a private and a public key. The public key is given freely out to the rest of the world. The private key is needed to decode the information from the public key. But if someone knows the public key then why is their message safe in any way, and why can't one decode the information back to the original message from the public key? It doesn't make sense to me.
 

CTho9305

Take some math classes, or look up the RSA algorithm online.

edit: the basic idea is that it is very easy to multiply two large primes (duh, it's just multiplication), but very difficult to factor the products of large primes into their component primes. I don't know exactly how it works, because you can't rapidly generate a list of large primes, so I don't know where the primes come from. If it's just a list stored somewhere, searching the list would be trivial.
 

n0cmonkey

I'm not positive about all of this, but reading up on it shouldn't be much of a problem. Check openssh.com, see if they have any information on it. But I think the public key encrypts the data so only the private key can decrypt it.
 

n0cmonkey

Originally posted by: CTho9305
Take some math classes, or look up the RSA algorithm online.

edit: the basic idea is that it is very easy to multiply two large primes (duh, it's just multiplication), but very difficult to factor the products of large primes into their component primes.

That shouldn't be necessary for a basic understanding of the process, but it would definitely help for in-depth knowledge ;)
 

MadRat

Originally posted by: CTho9305
the basic idea is that it is very easy to multiply two large primes (duh, it's just multiplication), but very difficult to factor the products of large primes into their component primes. I don't know exactly how it works, because you can't rapidly generate a list of large primes, so I don't know where the primes come from. If it's just a list stored somewhere, searching the list would be trivial.

Awww, so it's not that it's perfectly secure, it's that it's secure for some while. That makes a lot of sense then.
 

Nothinman

Awww, so it's not that it's perfectly secure, it's that it's secure for some while. That makes a lot of sense then.

Nothing is perfectly secure; given enough time you can brute-force any encryption key no matter how big it is.
 

drag

Originally posted by: Nothinman
Awww, so it's not that it's perfectly secure, it's that it's secure for some while. That makes a lot of sense then.

Nothing is perfectly secure; given enough time you can brute-force any encryption key no matter how big it is.

Yep.

For example, that's why when you go to check out the top-500 most powerful computers, they are actually only the top-500 that are PUBLICLY KNOWN. ;)

Then again, the human half of security is usually a lot easier to crack than the encrypted half.
 

CTho9305

Originally posted by: Nothinman
Awww, so it's not that it's perfectly secure, it's that it's secure for some while. That makes a lot of sense then.

Nothing is perfectly secure; given enough time you can brute-force any encryption key no matter how big it is.

Not a one-time-pad with keylength >= message length, using "truly random" numbers in the key.
 

Fiveohhh

Originally posted by: drag
Originally posted by: Nothinman
Awww, so it's not that it's perfectly secure, it's that it's secure for some while. That makes a lot of sense then.

Nothing is perfectly secure; given enough time you can brute-force any encryption key no matter how big it is.

Yep.

For example, that's why when you go to check out the top-500 most powerful computers, they are actually only the top-500 that are PUBLICLY KNOWN. ;)

Then again, the human half of security is usually a lot easier to crack than the encrypted half.

Ever read Dan Brown's "Digital Fortress"? :D