undefined | Better HN

0 pointssooper10y ago0 comments

It seems not any more?:

"Resolution. In order to prevent a man in the middle from making KeePass display incorrect version information (even though this does not imply a successful attack, see above), the version information file is now digitally signed (using RSA-2048 and SHA-512). KeePass 2.34 and higher only accept such a digitally signed version information file. Furthermore, the version information file is now downloaded over HTTPS."

0 comments

2 comments · 1 top-level

dchest10y ago· 1 in thread

The question was if MITM would be able to prevent automatic update notifications. Their solution doesn't solve this: it prevents attackers from changing version information, but doesn't prevent them from replaying previous version information.

SNvD7vEJ10y ago

How would that work? ("replaying")

j / k navigate · click thread line to collapse