On 11/15/2009 05:08 AM, Patrick O'Callaghan wrote:
Did you read the URL I posted? It's a tutorial with very explicit information. If you understand how public-key crypto works, you'll realize that spoofing the fingerprint doesn't help the attacker.
In the scenario that the OP hypothesized, yes, spoofing the fingerprint would help the attacker. A user who attempted to ssh to the router would not be warned that the host had changed and would submit their password to a rogue host.
In answer to the original question, though, spoofing the fingerprint would be extraordinarily difficult.
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
