spoof rsa fingerprint
Gordon Messmer
yinyang at eburg.com
Tue Nov 17 08:55:23 UTC 2009
On 11/15/2009 05:08 AM, Patrick O'Callaghan wrote:
>
> Did you read the URL I posted? It's a tutorial with very explicit
> information. If you understand how public-key crypto works, you'll
> realize that spoofing the fingerprint doesn't help the attacker.
>
In the scenario that the OP hypothesized, yes, spoofing the fingerprint
would help the attacker. A user who attempted to ssh to the router
would not be warned that the host had changed and would submit their
password to a rogue host.
In answer to the original question, though, spoofing the fingerprint
would be extraordinarily difficult.
More information about the users
mailing list