Re: spoof rsa fingerprint

So the attacker can't generate a spoofed fingerprint like the one used on the server? Even when using only password authentication?

--- On Sun, 11/15/09, Patrick O'Callaghan <pocallaghan@xxxxxxxxx> wrote:

> From: Patrick O'Callaghan <pocallaghan@xxxxxxxxx>
> Subject: Re: spoof rsa fingerprint
> To: fedora-list@xxxxxxxxxx
> Date: Sunday, November 15, 2009, 1:27 AM
> On Sat, 2009-11-14 at 15:09 -0800, Eugeneapolinary Ju wrote:
> > When I first log in to my router [192.168.1.1] through ssh, it says:
> > 
> > The authenticity of host 'XXXX.XX (192.168.1.1)' can't be established.
> > RSA key fingerprint is 51:c6:d1:7a:45:c4:74:3e:31:ee:3a:5a:2d:e1:bf:74.
> > Are you sure you want to continue connecting (yes/no)?
> > 
> > that's OK [it gets stored in the known_hosts file, on my client machine].
> > 
> > But:
> > 
> > what happens, if someone turns off my router, then installs a pc with ip 192.168.1.1?
> > 
> > And! - it spoofs _the same rsa fingerprint_, that was on my router.
> >
> > Then, when I want to log in to 192.168.1.1, I will type my password, and it will steal my password...
> >
> > So the question is:
> > 
> > Could that be possible, to spoof the rsa_fingerprint? [because the router says the fingerprint when first logging in to it, etc..so could that be spoofed?]
> 
> The fingerprint is simply a hash of the router's full public key.
> Spoofing the fingerprint still won't enable the spoofer to understand
> encrypted communications sent to them (which will continue to use the
> router's genuine public key since the client hasn't noticed anything
> changed). The spoofer can't guess the private key from the public key
> without physical access to the router.
> 
> If the spoofer generates its own public/private key pair, the client
> will notice that the signature changed. That's the point of the warning
> message.
> 
> See http://www.securityfocus.com/infocus/1806
> 
> poc
> 
> -- 
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
> 
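
The point made in the quoted reply, that the fingerprint is a hash of the full public key and that a host offering a different key is noticed, shown as an added example that is not part of the original thread. The key values are constructed and the helper names are hypothetical; the fingerprint uses the MD5 colon-separated form shown in the ssh prompt above.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed byte string from the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value: int) -> bytes:
    """Positive mpint; the extra high bits keep the sign bit clear."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def rsa_key_blob(e: int, n: int) -> bytes:
    """Public key blob as sent by the server and stored (base64) in known_hosts."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 of the whole blob, the form shown in the ssh prompt."""
    return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())

def check_host(known_hosts: str, host: str, offered: bytes) -> str:
    """Compare the offered key with the stored one: match, changed or unknown."""
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) >= 3 and host in fields[0].split(","):
            stored = base64.b64decode(fields[2])
            return "match" if stored == offered else "changed"
    return "unknown"

# Constructed values for illustration only; these are not real RSA moduli.
ROUTER_BLOB = rsa_key_blob(65537, (1 << 1023) | 0x5A17C3)
IMPOSTER_BLOB = rsa_key_blob(65537, (1 << 1023) | 0x5A17C5)
# known_hosts keeps the full public key, not just its fingerprint.
KNOWN_HOSTS = "192.168.1.1 ssh-rsa " + base64.b64encode(ROUTER_BLOB).decode()

if __name__ == "__main__":
    for name, blob in (("router", ROUTER_BLOB), ("imposter", IMPOSTER_BLOB)):
        verdict = check_host(KNOWN_HOSTS, "192.168.1.1", blob)
        print(f"{name:9s}{md5_fingerprint(blob)}  {verdict}")
```

Offering the router's genuine public blob is not sufficient on its own either: during key exchange the server must produce a signature with the matching private key, which this sketch does not model.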


      
