Re: spoof rsa fingerprint

On Sat, 2009-11-14 at 15:09 -0800, Eugeneapolinary Ju wrote:
> When I first log in to my router [192.168.1.1] through ssh, it says:
> 
> The authenticity of host 'XXXX.XX (192.168.1.1)' can't be established.
> RSA key fingerprint is 51:c6:d1:7a:45:c4:74:3e:31:ee:3a:5a:2d:e1:bf:74.
> Are you sure you want to continue connecting (yes/no)?
> 
> that's OK [it gets stored in the known_hosts file, on my client machine].
> 
> But:
> 
> what happens, if someone turns off my router, then installs a pc with ip 192.168.1.1?
> 
> And! - it spoofs _the same rsa fingerprint_, that was on my router.
>
> Then, when I want to log in to 192.168.1.1, I will type my password, and it will steal my password...
>
> So the question is:
> 
> Could that be possible, to spoof the rsa_fingerprint? [because the router says the fingerprint when first logging in to it, etc., so could that be spoofed?]

The fingerprint is simply a hash of the router's full public key.
Spoofing the fingerprint still won't enable the spoofer to understand
encrypted communications sent to them (which will continue to use the
router's genuine public key since the client hasn't noticed anything
changed). The spoofer can't guess the private key from the public key
without physical access to the router.

If the spoofer generates its own public/private key pair, the client
will notice that the signature changed. That's the point of the warning
message.

See http://www.securityfocus.com/infocus/1806

poc

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
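
The point made in the reply above, that the fingerprint is a hash of the host's public key, as an added example that is not part of the original message. It builds two SSH RSA public-key blobs from constructed numbers (not working keys), prints a fingerprint in the colon-separated MD5 form shown in the prompt, and compares a presented key with a known_hosts entry; the function names, the host name `router.example` and the key values are assumptions made for the illustration.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field of the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def mpint(n: int) -> bytes:
    """Positive mpint: big-endian, with a leading 0x00 when the top bit is set."""
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def rsa_blob(e: int, n: int) -> bytes:
    """Public key blob: "ssh-rsa", exponent, modulus. Contains no secret material."""
    return ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)

def md5_fingerprint(blob: bytes) -> str:
    """Fingerprint in the 2009-era form: MD5 of the blob as colon-separated hex."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def known_hosts_line(host: str, blob: bytes) -> str:
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

def blob_from_known_hosts(line: str) -> bytes:
    """Parse 'hosts keytype base64blob' and check the blob names the same key type."""
    _host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64)
    (length,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + length] != keytype.encode():
        raise ValueError("key type field does not match the blob")
    return blob

def host_key_status(line: str, presented: bytes) -> str:
    """Compare the pinned public key with the one a server presents."""
    pinned = blob_from_known_hosts(line)
    if pinned == presented:
        return "match"
    return f"CHANGED: pinned {md5_fingerprint(pinned)}, got {md5_fingerprint(presented)}"

# Constructed sample values: arbitrary 1024-bit numbers, not working RSA keys.
ROUTER = rsa_blob(65537, (1 << 1023) | 0x1234567)
OTHER = rsa_blob(65537, (1 << 1023) | 0x7654321)
PINNED = known_hosts_line("router.example,192.168.1.1", ROUTER)

if __name__ == "__main__":
    print(md5_fingerprint(ROUTER))
    print(host_key_status(PINNED, ROUTER))
    print(host_key_status(PINNED, OTHER))
```

The comparison covers only the public key; a real SSH session also requires the server to sign the key exchange with the matching private key, which this sketch does not model.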
