Open Source and information security mailing list archives
Date: Tue, 02 Sep 2014 19:40:34 +0800
From: John Leo <>
To: maxigas <>
Subject: Re: [FD] SSH host key fingerprint - through HTTPS

"source code"
It's here:
Extremely short and easy to read.

"trust the service operators"
Hey, trust your own eyes. :-) Feel free to audit/use our code.

"a better solution is to use Monkeysphere"
Professional "certificate authority" vs "OpenPGP web of trust"
Personally I feel more comfortable with CA.

Best Wishes,

On 2014-9-2 02:48, maxigas wrote:
> From: John Leo <>
> Subject: [FD] SSH host key fingerprint - through HTTPS
> Date: Mon, 01 Sep 2014 12:41:17 +0800
>> This tool displays SSH host key fingerprint - through HTTPS.
>> SSH is about security; host key matters a lot here; and you can know
>> for sure by using this tool. It means you know precisely how to answer
>> this question:
>> The authenticity of host 'blah.blah.blah (' can't be
>> established.
>> RSA key fingerprint is
>> a4:d9:a4:d9:a4:d9a4:d9:a4:d9a4:d9a4:d9a4:d9a4:d9a4:d9.
>> Are you sure you want to continue connecting (yes/no)?
>> We hackers don't want to get hacked. :-) SSH rocks - when host key is
>> right. Enjoy!
> Excellent point and thanks for the tool! Indeed, fingerprint
> verification is the absolute weak point of SSH. Here the problem
> is that you have to trust the service operators when you use
> checkssh or set up your own. Is the source code available
> somewhere?
> Also, a better solution is to use Monkeysphere which uses the
> public key infrastructure of PGP. It can not just check your SSH
> fingerprints automatically but do a whole lot of other things:
> --
> maxigas, kiberpunk
> FA00 8129 13E9 2617 C614 0901 7879 63BC 287E D166
> People the switches!

Sent through the Full Disclosure mailing list
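
The comparison this thread is about, as an added example (not part of either message, and not the code of the tool being announced): derive the fingerprint that the ssh prompt displays from the host's public key, then compare it with a fingerprint obtained over a separately authenticated channel. The key material is constructed for illustration and all function names are hypothetical.

```python
import base64, hashlib, hmac, struct

def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def _rsa_blob(e: int, n: int) -> bytes:
    # SSH wire format for an RSA public key: string "ssh-rsa", mpint e, mpint n.
    def mpint(x: int) -> bytes:
        return _ssh_string(x.to_bytes(x.bit_length() // 8 + 1, "big"))
    return _ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)

# Constructed values, not real keys: fingerprinting only hashes the encoded bytes.
SAMPLE_BLOB = _rsa_blob(65537, (1 << 2047) + 0xC0FFEE)
OTHER_BLOB = _rsa_blob(65537, (1 << 2047) + 0xBADC0DE)
SAMPLE_LINE = "blah.blah.blah ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()
OTHER_LINE = "blah.blah.blah ssh-rsa " + base64.b64encode(OTHER_BLOB).decode()

def parse_key_line(line: str):
    """Return (key_type, blob) from an ssh-keyscan / known_hosts style line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-")):
            blob = base64.b64decode(fields[i + 1], validate=True)
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] != field.encode():
                raise ValueError("key type does not match the encoded key")
            return field, blob
    raise ValueError("no public key found in line")

def md5_fingerprint(blob: bytes) -> str:
    # Colon-separated hex, the form shown in the prompt quoted in the thread.
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(blob: bytes) -> str:
    # Form printed by newer OpenSSH releases: unpadded base64 of SHA-256.
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def matches_trusted(line: str, trusted: str) -> bool:
    """True only if the presented key hashes to the out-of-band fingerprint."""
    _, blob = parse_key_line(line)
    trusted = trusted.strip()
    if not trusted.startswith("SHA256:"):
        # MD5 hex is case-insensitive and may carry an "MD5:" prefix.
        trusted = trusted.lower().replace("md5:", "", 1)
    candidates = (md5_fingerprint(blob), sha256_fingerprint(blob))
    return any(hmac.compare_digest(trusted.encode(), c.encode()) for c in candidates)
```

A `False` result for the key a host presents means the answer to the "Are you sure you want to continue connecting" prompt is no.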