http://www.openssl.org/news/secadv_20060905.txt --- On Sat, 11/14/09, Eugeneapolinary Ju <eugeneapolinary81@xxxxxxxxx> wrote: > From: Eugeneapolinary Ju <eugeneapolinary81@xxxxxxxxx> > Subject: spoof rsa fingerprint > To: "fedora list" <fedora-list@xxxxxxxxxx> > Date: Saturday, November 14, 2009, 11:09 PM > When I first log in to my router > [192.168.1.1] through ssh, it says: > > The authenticity of host 'XXXX.XX (192.168.1.1)' can't be > established. > RSA key fingerprint is > 51:c6:d1:7a:45:c4:74:3e:31:ee:3a:5a:2d:e1:bf:74. > Are you sure you want to continue connecting (yes/no)? > > that's OK [it gets stored in the known_hosts file, on my > client machine]. > > But: > > what happens, if someone turns off my router, then installs > a pc with ip 192.168.1.1? > > And! - it spoofs _the same rsa fingerprint_, that was on my > router. > > Then, when I want to log in to 192.168.1.1, I will type my > password, and it will stole my password... > > > So the question is: > > Could that be possible, to spoof the rsa_fingerprint? > [because the router say's the fingerprint when first logging > in to it, etc..so could that be spoofed?] > > > > -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines