If we manage to crack the hash, we know we could MITM NLA because we could then create a new challenge-response on the server side. If I recall correctly, the only thing preventing us from doing that was that part of the challenge-response mixed the plaintext password (which we don't know) with the server's public/private/fingerprint (not sure which) and that the server would reject anything tampered with. We couldn't do the double Diffie-Hellman trick because of the mixing of both these layers. If we have the password, we can truly do an NLA handshake in the middle. This would open up a new attack use case. Note that I'm half intentionally vague here.
Ref: #358