Re: spoof rsa fingerprint
- From: Gordon Messmer <yinyang@xxxxxxxxx>
- Date: Tue, 17 Nov 2009 08:33:34 -0800
On 11/17/2009 04:53 AM, Patrick O'Callaghan wrote:
It's my understanding that the password would still be sent over an
encrypted channel (using the original host's public key), so I don't see
the problem.
There is no original host in the hypothesized scenario. There's an attacker whose public key has a fingerprint that matches the original host. The victim connects to the attacker instead of the original host. Since the original host isn't involved, the original host's key won't be either.
However, as previously stated, this is extraordinarily difficult by design.
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
- Follow-Ups:
- Re: spoof rsa fingerprint
- From: Patrick O'Callaghan
- Re: spoof rsa fingerprint
- From: Mikkel
- Re: spoof rsa fingerprint
- References:
- Re: spoof rsa fingerprint
- From: Eugeneapolinary Ju
- Re: spoof rsa fingerprint
- From: Patrick O'Callaghan
- Re: spoof rsa fingerprint
- From: Gordon Messmer
- Re: spoof rsa fingerprint
- From: Patrick O'Callaghan
- Re: spoof rsa fingerprint
- Prev by Date: Re: Fedora 12
- Next by Date: Accessing UFS2 Filesystems in Logical Volume Disks of Virtual Machines
- Previous by thread: Re: spoof rsa fingerprint
- Next by thread: Re: spoof rsa fingerprint
- Index(es):
