On Wed, May 11, 2005 at 10:04:12AM -0700, Florin Andrei wrote: > http://www.schneier.com/blog/archives/2005/05/the_potential_f.html > > I can't test it right now, but i wonder - what's the default setting on > FC4, hash the hosts or not? I'm not convinced it helps very much. I'll just read every .history file on your machine and hash the hostnames I find in that against the database. I'd also try cvs based attacks by using the keys that work and appear to be for cvs stuff to automate pushing updated autoconf scripts into every cvs I can 'fix'. There are just far too many other ways to identify an ssh host entry/key and to then use that the same way the analysed user has. Alan -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-devel-list
