by rocqua
2829 days ago
One might simply store a list of hash(address, Fingerprint).
Here we are essentially using the fingerprint of the server as the salt, which doesn't need to be stored locally. This would mean you can't detect whether a host changed their fingerprint, just that you've never seen this host-fingerprint combination. So if someone were to MitM your box, you would need to be sufficiently surprised by the 'This is an unknown connection' warning to investigate further. To actually detect changed fingerprints, you need to keep a list of IPs for which you know the fingerprint. As the list of viable IPs is so small, there is no way to obfuscate it. The only possibility would be to encrypt it, but that requires keeping some secret from your attacker.
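The trade-off described in the comment above, as an added example that is not part of the original comment: a store holding only hash(address, fingerprint) next to a plain address-to-fingerprint list, checked against the same three connections. The class names, SHA-256 as the hash, and the sample addresses and fingerprints are assumptions constructed for illustration.

```python
import hashlib


def pair_hash(address: str, fingerprint: str) -> str:
    # Length-prefix the address so two different (address, fingerprint)
    # pairs can never produce the same byte string before hashing.
    data = f"{len(address)}:{address}|{fingerprint}".encode()
    return hashlib.sha256(data).hexdigest()


class HashedPairStore:
    """Stores only hash(address, fingerprint); no address is kept."""

    def __init__(self):
        self._seen = set()

    def trust(self, address, fingerprint):
        self._seen.add(pair_hash(address, fingerprint))

    def check(self, address, fingerprint):
        # A changed key and a brand-new host both miss the set, so the
        # only possible answers are "known" and "unknown".
        return "known" if pair_hash(address, fingerprint) in self._seen else "unknown"


class PlainStore:
    """Stores address -> fingerprint in the clear."""

    def __init__(self):
        self._by_address = {}

    def trust(self, address, fingerprint):
        self._by_address[address] = fingerprint

    def check(self, address, fingerprint):
        expected = self._by_address.get(address)
        if expected is None:
            return "unknown"
        return "known" if expected == fingerprint else "changed"


def compare():
    # Constructed sample data: documentation-range IPs, made-up fingerprints.
    hashed, plain = HashedPairStore(), PlainStore()
    for store in (hashed, plain):
        store.trust("192.0.2.10", "SHA256:constructed-A")
    cases = [
        ("192.0.2.10", "SHA256:constructed-A"),  # same host, same key
        ("192.0.2.10", "SHA256:constructed-B"),  # same host, different key
        ("192.0.2.77", "SHA256:constructed-C"),  # host never seen before
    ]
    return [(hashed.check(a, f), plain.check(a, f)) for a, f in cases]
```

For the second case the hashed store can only answer "unknown", while the plain list answers "changed".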