undefined | Better HN

0 pointsStavrosK11y ago0 comments

What's the point of that? Why not just indicate somewhere that the conversation isn't completely secure, rather than have the user believe it is when it's not?

0 comments

3 comments · 1 top-level

jlund11y ago· 2 in thread

TOFU has proven to be quite resilient against MITM attacks. Do you think it's a stretch to say that SSH is secure?

StavrosKOP11y ago

I think it's a stretch to say that there can be security without verifying keys.

jlund11y ago

That's like saying that SSH isn't more secure than Telnet unless you personally drive to the data center and verify the fingerprints of every single server by hand.

In reality, TOFU is a form of key verification and it is highly effective against MITM attacks because there's no way for an adversary to reliably determine whether or not a user is seeing a fingerprint for the first time. If at any point the fingerprint changes, the users are warned.

Users can also easily check and compare fingerprints too. They are not mutually exclusive.

1 more reply

j / k navigate · click thread line to collapse