Re: spoof rsa fingerprint
- From: Gordon Messmer <yinyang@xxxxxxxxx>
- Date: Tue, 17 Nov 2009 08:33:34 -0800
On 11/17/2009 04:53 AM, Patrick O'Callaghan wrote:
It's my understanding that the password would still be sent over an
encrypted channel (using the original host's public key), so I don't see
There is no original host in the hypothesized scenario. There's an attacker whose public key has a fingerprint that matches the original host. The victim connects to the attacker instead of the original host. Since the original host isn't involved, the original host's key won't be either.
However, as previously stated, this is extraordinarily difficult by design.
fedora-list mailing list
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list