> TOFU is secure if you verify the host key fingerprint against information rece... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		rlpb on Oct 16, 2023 \| parent \| context \| favorite \| on: SSH-audit: SSH server and client security auditing > TOFU is secure if you verify the host key fingerprint against information received via a sufficiently secure channel. Verifying the fingerprint out-of-band is the opposite of TOFU. TOFU is generally understood to mean not verifying it, but flagging if it changes later.

gertrunde on Oct 16, 2023 [–]

Verifying the fingerprint out-of-band is very much what is meant to happen, but it's like reading the EULA, everyone knows that you should do it, everyone knows that very very few people do.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact