Re: spoof rsa fingerprint

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2009-11-17 at 08:33 -0800, Gordon Messmer wrote:
> On 11/17/2009 04:53 AM, Patrick O'Callaghan wrote:
> >
> > It's my understanding that the password would still be sent over an
> > encrypted channel (using the original host's public key), so I don't see
> > the problem.
> >    
> 
> There is no original host in the hypothesized scenario.  There's an 
> attacker whose public key has a fingerprint that matches the original 
> host.  The victim connects to the attacker instead of the original 
> host.  Since the original host isn't involved, the original host's key 
> won't be either.

No, the OP's scenario is that there *was* an original host, which
presumably set up the key pair and established a fingerprint. That's the
assumption behind everything I've been saying.

poc

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux