For example in SSH connections, is there a vulnerability risk with respect to the RSA fingerprint? If my connection is not encrypted does this mean they can sniff my password?
How can I fix it and make sure that the connection is secure?
Asked
Active
Viewed 296 times
-4
-
It's unclear what you're asking. And: of there is a vulnerability in one of the most prolifically used crypto algorithms, why do you think it would be fixable? Why would it be fixable by you? – Marcus Müller Dec 12 '17 at 21:55
-
Lynda, what problems are you thinking about? – schroeder Dec 12 '17 at 22:16
-
the risk here is my connection is not encrypted wish mean they can sniff my password – Lyndà Céline Dec 12 '17 at 22:40
-
what does that have to do with the fingerprint? – schroeder Dec 13 '17 at 10:58
-
No, there is no generic vulnerability, and if there were, we'd solve it. – Luc Dec 12 '17 at 22:58
1 Answers
0
The question is rather unclear but I assume that you mean "Does it pose a risk to reveal a fingerprint (i.e. cryptographic hash) of your RSA (private) key?".
No, at the time of writing, there is no usable attack against a cryptographic hash functions like SHA-256 or other algorithms of the SHA2/SHA3 familiy.
Your concern is in fact part of the definition of a cryptographic hash function! Being able to compute an output o from an input i, by computing Hash(i) = o, without being able to somehow "de-hash" o to obtain i (it's not reversible). The only way is to try many different inputs which takes a lot of time.
Additionally, hash functions are not bijective, as there is an unlimited amount of possible inputs, but only 2^[Output_in_Bits] possible outputs. Even if somebody could brute-force an input j, so Hash(j) = o this does not imply that j = i, as (in theory) there are many many inputs which produce o as hash-output.
GxTruth
- 963
- 6
- 9