Hello everyone,
I was hoping to understand whether a secure connection could be established if certificate fingerprints are used for authentication.
I know that a certificate fingerprint is calculated on the entire certificate and that through mathematical computation a collision is nearly impossible.
However, since the certificate fingerprint is public knowledge in a key exchange, can a perpetrator essentially reverse engineer a certificate to contain the same fingerprint in order to man-in-the-middle attack a connection?
An example of this is DTLS in WebRTC, if fingerprints are exchanged over an end-to-end encrypted Proteus protocol. However, the actual key exchange containing certificates is done in public.
from hacking: security in practice https://ift.tt/PmWYKvs
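
The fingerprint check the post asks about, as an added example that is not part of the original post: it parses an SDP `a=fingerprint` line (RFC 8122 syntax) received over the authenticated channel, hashes the certificate bytes seen in the public DTLS handshake, and compares the two. The function names and the stand-in certificate bytes are constructed for illustration, and accepting only SHA-2 hashes is this example's policy choice.

```python
import hashlib
import hmac

# SDP hash names mapped to hashlib names. Only SHA-2 is accepted here
# (a policy choice of this example, not something stated in the post).
ALLOWED = {"sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}


def parse_fingerprint_attr(line):
    """Parse 'a=fingerprint:<hash> <HH:HH:...>' into (hash_name, digest_bytes)."""
    prefix = "a=fingerprint:"
    if not line.startswith(prefix):
        raise ValueError("not a fingerprint attribute")
    fields = line[len(prefix):].strip().split(" ", 1)
    if len(fields) != 2:
        raise ValueError("malformed fingerprint attribute")
    name, pairs = fields[0].lower(), fields[1].strip().split(":")
    if name not in ALLOWED:
        raise ValueError("hash function not accepted: " + name)
    if any(len(p) != 2 for p in pairs):
        raise ValueError("fingerprint must be colon-separated hex byte pairs")
    digest = bytes.fromhex("".join(pairs))
    # A truncated fingerprint would be far easier to match; require full length.
    if len(digest) != hashlib.new(ALLOWED[name]).digest_size:
        raise ValueError("digest length does not match hash function")
    return name, digest


def format_fingerprint(cert_der, name="sha-256"):
    """Build the attribute a peer would signal for its own certificate."""
    hexed = hashlib.new(ALLOWED[name], cert_der).hexdigest().upper()
    pairs = ":".join(hexed[i:i + 2] for i in range(0, len(hexed), 2))
    return "a=fingerprint:%s %s" % (name, pairs)


def certificate_matches(cert_der, fingerprint_line):
    """True only if the handshake certificate hashes to the signalled digest."""
    name, expected = parse_fingerprint_attr(fingerprint_line)
    actual = hashlib.new(ALLOWED[name], cert_der).digest()
    return hmac.compare_digest(actual, expected)


# Constructed stand-ins for DER bytes; the hash covers the whole encoding.
PEER_CERT = b"constructed stand-in for the peer's DER certificate"
OTHER_CERT = b"constructed stand-in for a substituted DER certificate"
SIGNALLED = format_fingerprint(PEER_CERT)

if __name__ == "__main__":
    print(certificate_matches(PEER_CERT, SIGNALLED))   # certificate that was signalled
    print(certificate_matches(OTHER_CERT, SIGNALLED))  # different certificate
```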