Re: spoof rsa fingerprint

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/17/2009 04:53 AM, Patrick O'Callaghan wrote:

It's my understanding that the password would still be sent over an
encrypted channel (using the original host's public key), so I don't see
the problem.

There is no original host in the hypothesized scenario. There's an attacker whose public key has a fingerprint that matches the original host. The victim connects to the attacker instead of the original host. Since the original host isn't involved, the original host's key won't be either.

However, as previously stated, this is extraordinarily difficult by design.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux