nrpe encryption SHA, ADH,

Ethan Galstad nagios at nagios.org
Fri Oct 19 14:36:45 CEST 2007


Tharanga wrote:
> Hi All,
> 
> According to the NRPE documentation, NRPE has the option for encrypting
> network traffic using SSL/TLS from OpenSSL. The encryption is done using
> a set encryption routine of AES-256 bit encryption using SHA and Anon-DH.
> This encrypts all traffic using the NRPE sockets from the client to the
> server.
> 
> When I see the code I can see only the cipher list (ADH). So how are AES
> and SHA involved?
> ADH is the key agreement protocol, but it uses ADH and the server or client
> will not be authenticated. Breaking the ADH cipher is not computationally
> feasible at the moment, and you need to find the first packet (man-in-the-middle
> attack), so it's not practical. Then how do AES encryption and SHA work
> in the protocol?
> 
> 
> many thanks,
> 

Anon-DH is the key exchange protocol between the server/client. 
AES/DES/etc. and SHA/MD5/etc. are used for the crypto as well, but I 
believe the exact cipher and hash function that is chosen will depend on 
OpenSSL.  The client/server will use the strongest cipher in 
communication.

I'm not an expert, but here's a decent Wikipedia intro:

http://en.wikipedia.org/wiki/Secure_Sockets_Layer


Ethan Galstad,
Nagios Developer
---
Email: nagios at nagios.org
Website: http://www.nagios.org
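
An added example, not part of the original post or of NRPE's code: a cipher-list string such as "ADH" names a group of OpenSSL cipher suites, and each suite name already fixes the key exchange, bulk cipher and MAC. The sketch below parses a constructed sample in the layout of `openssl ciphers -v` output (the sample lines and function names are assumptions for illustration) and picks out the suites that carry no peer authentication.

```python
import re

# Constructed sample in the layout printed by `openssl ciphers -v`; which
# suites a real build lists depends on the OpenSSL version and options.
SAMPLE = """\
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
ADH-DES-CBC3-SHA        SSLv3 Kx=DH       Au=None Enc=3DES(168) Mac=SHA1
ADH-RC4-MD5             SSLv3 Kx=DH       Au=None Enc=RC4(128)  Mac=MD5
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
"""

FIELD = re.compile(r"\b(Kx|Au|Enc|Mac)=(\S+)")
ENC = re.compile(r"^([^()]+)\((\d+)\)$")


def parse_suites(text):
    """Split each listing line into key exchange, auth, cipher and MAC."""
    suites = []
    for line in text.splitlines():
        fields = dict(FIELD.findall(line))
        if set(fields) != {"Kx", "Au", "Enc", "Mac"}:
            continue  # skip blank or unrecognised lines
        enc = ENC.match(fields["Enc"])
        suites.append({
            "name": line.split()[0],
            "key_exchange": fields["Kx"],
            "authentication": fields["Au"],
            "cipher": enc.group(1) if enc else fields["Enc"],
            "bits": int(enc.group(2)) if enc else 0,
            "mac": fields["Mac"],
        })
    return suites


def anonymous_suites(suites):
    """Names of suites with no peer authentication (Au=None)."""
    return [s["name"] for s in suites if s["authentication"] == "None"]


if __name__ == "__main__":
    parsed = parse_suites(SAMPLE)
    for s in parsed:
        print(f'{s["name"]:18} kx={s["key_exchange"]:4} auth={s["authentication"]:5}'
              f' enc={s["cipher"]}/{s["bits"]} mac={s["mac"]}')
    print("unauthenticated:", ", ".join(anonymous_suites(parsed)))
```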
