Sniffing HTTPS and SSH
¨Security is built on a trust model of underlying public keys
–HTTPS server sends to browser  a certificate containing server’s public key signed by a Certificate Authority
–SSL connection uses a session key randomly generated by server to encrypt data between server and client
–With SSH, a session key is transmitted in an encrypted fashion using a private key stored on the server
¨ Dsniff takes advantage of poor trust decisions made by a clueless user via man-in-the middle attack
–Web browser user may trust a certificate that is not signed by a trusted party
–SSH user can still connect to a server whose public key has changed
¨