Re: Hardware potential to duplicate existing host keys... RSA DS

Board: FB_security, posted 2012/06/26 09:01
On Mon, 25 Jun 2012 16:45:24 -0700
Doug Barton wrote:

> On 06/25/2012 15:53, RW wrote:
> > On Mon, 25 Jun 2012 14:59:05 -0700
> > Doug Barton wrote:
> >
> >>>> Having a copy of the host key allows you to do one thing and one
> >>>> thing only: impersonate the server. It does not allow you to
> >>>> eavesdrop on an already-established connection.
> >>>
> >>> It enables you to eavesdrop on new connections,
> >>
> >> Can you describe the mechanism used to do this?
> >
> > Through a MITM attack if nothing else
>
> Sorry, I wasn't clear. Please describe, in precise, reproducible
> terms, how one would accomplish this. Or, link to known script-kiddie
> resources ... whatever. My point being, I'm pretty confident that
> what you're asserting isn't true. But if I'm wrong, I'd like to learn
> why.

Servers don't always require client keys for authentication. If they
don't then a MITM attack only needs the server's key.

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Article ID (AID): #1FwGdE1Z (FB_security)
Complete thread: this is post 15 of 26.
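The closing point of the message, that a copy of the host key is enough when the server does not require client keys, can be checked against a server's configuration. The following is an added example, not part of the original message: it reports which login methods in the global section of an sshd_config text would still work through an interposed endpoint. The function names, the sample configurations and the use of upstream OpenSSH defaults are assumptions.

```python
# Added example (not from the thread). Upstream OpenSSH defaults are assumed;
# vendor builds may ship different defaults.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "authenticationmethods": "any"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Methods whose secret travels inside the tunnel to whoever terminated it.
SECRET_IN_TUNNEL = {"passwordauthentication": "password",
                    "kbdinteractiveauthentication": "keyboard-interactive"}

def global_settings(config_text):
    """Parse the global section of sshd_config text (stops at the first Match)."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        key = ALIASES.get(key, key)
        if key == "match":
            break
        if len(parts) == 2:
            settings.setdefault(key, parts[1].strip())  # sshd keeps the first value
    return {**DEFAULTS, **settings}

def relayable_logins(config_text):
    """Client auth methods that an interposer holding the host key could pass on
    to the real server. A publickey signature covers the session identifier
    (RFC 4252, section 7), so it is only valid for the session it was made in."""
    s = global_settings(config_text)
    required = s["authenticationmethods"]
    if required.lower() != "any":
        # Space-separated alternatives; each is a comma-separated list, all required.
        alternatives = [{m.split(":")[0] for m in alt.split(",")}
                        for alt in required.split()]
        if all("publickey" in alt for alt in alternatives):
            return []
    return sorted(name for key, name in SECRET_IN_TUNNEL.items()
                  if s[key].lower() == "yes")

# Constructed sample configurations.
WEAK = "PasswordAuthentication yes\nPubkeyAuthentication yes\n"
HARDENED = ("PasswordAuthentication no\nKbdInteractiveAuthentication no\n"
            "PubkeyAuthentication yes\n")

if __name__ == "__main__":
    print("weak:", relayable_logins(WEAK))
    print("hardened:", relayable_logins(HARDENED))
```

Match blocks are not evaluated, so per-user or per-address overrides need a separate review.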