[Cryptography] Kali Linux security is a joke!
Dave Howe
DaveHowe at gmx.co.uk
Tue Mar 17 14:47:43 EDT 2015
On 16/03/2015 19:07, Henry Baker wrote:
> So how come whenever you do apt-get in Kali Linux, it accesses http://security.kali.org and http://http.kali.org ??
> Hasn't Kali heard about MITM attacks against http ??
Not seeing why that would matter? Each repo has a hash table of all the
packages within it, and that hash table is gnupg signed. If you attempt
to alter a package, it would no longer match the hash table, and if you
alter the hash table, it will no longer validate against the detached
signature. The tools *do* check those, and alert if they don't match.
The protection is end-to-end, not on the transport.
More information about the cryptography
mailing list