|
|
|
|
|
|
by 8organicbits
1177 days ago
|
|
|
There's a narrow window for that attack. The fingerprint is only used on the first connection, for manual verification. Any later connections would check the ~/.ssh/known_hosts which has the full public key. If you somehow can MITM an SSH connection on the first connection, you can probably use any key. Most people don't check the fingerprint. But you are correct, computing an SSH key with a collisionwis expected to take an infeasible amount of time/energy with current understanding of crypto and available computers. |
|
|