The whole point of asymmetric-key is that a middleman can't do that. Even if you... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		bandrami on April 2, 2024 \| parent \| context \| favorite \| on: Xzbot: Notes, honeypot, and exploit demo for the x... The whole point of asymmetric-key is that a middleman can't do that. Even if you relayed the entire handshake, all traffic after that is just line noise to you unless you have the transmitter's private key. You can't read it or mangle it (well, you can mangle it, but the receiving party will know it was mangled in transit). The exploit string on the wire for that transmission won't work in the context of any other transmission sequence.

pxx on April 2, 2024 [–]

Yeah I had mistakenly thought the exploit string was transmitted during key exchange (read too quickly on "pre-auth"), which is incorrect; see sibling comment. I'm unfortunately past the edit window now.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact