spoof rsa fingerprint
Eugeneapolinary Ju
eugeneapolinary81 at yahoo.com
Sun Nov 15 06:56:41 UTC 2009
http://www.openssl.org/news/secadv_20060905.txt
--- On Sat, 11/14/09, Eugeneapolinary Ju <eugeneapolinary81 at yahoo.com> wrote:
> From: Eugeneapolinary Ju <eugeneapolinary81 at yahoo.com>
> Subject: spoof rsa fingerprint
> To: "ubuntu list" <ubuntu-users at lists.ubuntu.com>
> Date: Saturday, November 14, 2009, 11:09 PM
> When I first log in to my router
> [192.168.1.1] through ssh, it says:
>
> The authenticity of host 'XXXX.XX (192.168.1.1)' can't be
> established.
> RSA key fingerprint is
> 51:c6:d1:7a:45:c4:74:3e:31:ee:3a:5a:2d:e1:bf:74.
> Are you sure you want to continue connecting (yes/no)?
>
> that's OK [it gets stored in the known_hosts file, on my
> client machine].
>
> But:
>
> what happens, if someone turns off my router, then installs
> a pc with ip 192.168.1.1?
>
> And! - it spoofs _the same rsa fingerprint_, that was on my
> router.
>
> Then, when I want to log in to 192.168.1.1, I will type my
> password, and it will stole my password...
>
>
> So the question is:
>
> Could that be possible, to spoof the rsa_fingerprint?
> [because the router say's the fingerprint when first logging
> in to it, etc..so could that be spoofed?]
>
>
>
>
More information about the ubuntu-users
mailing list