On Tue, 2009-11-17 at 00:55 -0800, Gordon Messmer wrote: > On 11/15/2009 05:08 AM, Patrick O'Callaghan wrote: > > > > Did you read the URL I posted? It's a tutorial with very explicit > > information. If you understand how public-key crypto works, you'll > > realize that spoofing the fingerprint doesn't help the attacker. > > > > In the scenario that the OP hypothesized, yes, spoofing the fingerprint > would help the attacker. A user who attempted to ssh to the router > would not be warned that the host had changed and would submit their > password to a rogue host. It's my understanding that the password would still be sent over an encrypted channel (using the original host's public key), so I don't see the problem. poc -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
