KEYP - Certificate substitution protection in conjunction with ADCS

Hamachi · « **on:** November 21, 2011, 16:39:42 »

http://adc.sourceforge.net/ADC-EXT.html#_keyp_certificate_substitution_protection_in_conjunction_with_adcs

Hej i dont understand how this works.

How can it be more safe, if all know the string ?

FlipFlop™ · « **Reply #1 on:** November 21, 2011, 17:04:17 »

The KEYP is a keyprint (hash) of the security certificate the hub will send when a client connects to a secure port. It's like the TTH of a file.

KEYP protects against MITM-attacks (man-in-the-middle), where a connection can be hijacked somewhere between client and hub. Because with KEYP the client already knows what the keyprint of the expected certificate has to be, it can't be replaced with another one by the man in the middle.

If the keyprint of the received certificate doesn't match the KEYP, the connection is dropped.
And although everyone knows the KEYP, you won't be able to generate a security certificate from it.

Hamachi · « **Reply #2 on:** November 21, 2011, 19:49:10 »

Ahh if i lot the cert files users cant join the hub ?

FlipFlop™ · « **Reply #3 on:** November 22, 2011, 00:29:46 »

Correct

Hamachi · « **Reply #4 on:** November 22, 2011, 08:05:52 »

OK Thanks for your help FlipFlop™

KEYP - Certificate substitution protection in conjunction with ADCS

Hamachi

KEYP - Certificate substitution protection in conjunction with ADCS

FlipFlop™

Re: KEYP - Certificate substitution protection in conjunction with ADCS

Hamachi

Re: KEYP - Certificate substitution protection in conjunction with ADCS

FlipFlop™

Re: KEYP - Certificate substitution protection in conjunction with ADCS

Hamachi

Re: KEYP - Certificate substitution protection in conjunction with ADCS