USBArmory talk from 31C3. http://media.ccc.de/browse/congress/2014/31c3_-_6541_-_en_-_saal_2_-_201412281730_-_forging_the_usb_armory_-_andrea_barisani.html#video&t=328 … Using SSH fingerprints to authenticate the host = Obviously susceptible to MITM!
@OwariDa how exactly? The whole point of caching ssh server fingerprints is to prevent MITM.
@AndreaBarisani Just set up a proxy that connects to the real host.
@AndreaBarisani Yes, it works in the context of SSH, but not in the USBArmory scenario when the device just wants to verify the host.
@OwariDa the verification will be performed in the context of SSH, USB Armory will SSH back to the host as we have TCP/IP connection
@AndreaBarisani Yes, but will all subsequent interaction with the host be performed over SSH as well?
@OwariDa protection is to ensure your own laptop is connected, subsequent interactions will have their own authentication mechanisms
@AndreaBarisani If the real host is reachable on a public IP, one could just proxy the connection to that host. Don't you see the problem?
@OwariDa followup over email, I much prefer constructive comments/questions rather than criticism about something we have yet to develop ;)
@AndreaBarisani E-mail sent now. :) Btw, the USBArmory concept itself is absolutely awesome, my critique is supposed to be constructive.
@OwariDa thanks! And I do much appreciate the feedback.
@OwariDa the process of verifying ssh fingerprints is not a mere comparison but specifically intended to validate server public key