Re: mission impossible
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: mission impossible
- From: Rod Dorman <rodd_(_at_)_polylogics_(_dot_)_com>
- Date: Thu, 19 May 2005 11:47:59 -0400
- Organization: Polylogics Consulting
- Reply-to: Rod Dorman <rodd_(_at_)_polylogics_(_dot_)_com>
On Thursday, May 19, 2005, 07:47:36, Kaj Mäkinen wrote:
> ...
> Of course I have PasswordAuthentication no, PubkeyAuthentication yes
> and Protocol 2 in my sshd_config.
I (and I'm sure many others) chose the same options.
> An attacker on my open-bsd box gets the login prompt but no password
> prompt without the keyfile.
> The error is then this: Received disconnect from xxx.xxx.xxx.xxx 11: No
> supported authentication methods available
> Won't this be a mission impossible to hack?
Impossible? No, but it does up the ante.
Look at it from this point of view, a 'typed' password is somewhere in
the order of 100-bits of key generated from characters a user is willing
to type on their keyboard.
Compare that to a 1000-bit randomly generated keyfile.
Not impossible but a heck of a lot more effort to break.
--
rodd_(_at_)_polylogics_(_dot_)_com
Rod Dorman
"The avalanche has already started, it is too late for the pebbles to vote." Ambassador Kosh
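
Added example, not part of the original message: a small Python check that reads sshd_config text and reports whether the three settings named in the thread (PasswordAuthentication no, PubkeyAuthentication yes, Protocol 2) are actually in effect, given that sshd uses the first value it reads for a keyword and that a Match block can override a global value for some clients. The function name and both sample configs are constructed for illustration.

```python
# Added example (not from the thread): audit sshd_config text for the three
# settings the poster lists. Both sample configs below are constructed.
WANTED = {"passwordauthentication": "no", "pubkeyauthentication": "yes", "protocol": "2"}

def audit_sshd_config(text):
    """Return sorted findings; an empty list means all three are set as wanted."""
    global_values = {}  # keyword -> first value seen outside any Match block
    findings = []
    in_match = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        keyword = fields[0].lower()  # keywords are case-insensitive
        value = fields[1].strip('"') if len(fields) > 1 else ""
        if keyword == "match":
            in_match = True  # lines after this apply only when the Match criteria hold
            continue
        if keyword not in WANTED:
            continue
        if in_match:
            # A Match block can weaken the global setting for matching clients.
            if value != WANTED[keyword]:
                findings.append(f"line {lineno}: Match block sets {keyword} {value}")
        else:
            # sshd keeps the first value it reads; later duplicates are ignored.
            global_values.setdefault(keyword, value)
    for keyword, wanted in WANTED.items():
        got = global_values.get(keyword)
        if got is None:
            findings.append(f"{keyword} not set: compiled-in default applies")
        elif got != wanted:
            findings.append(f"{keyword} is {got}, wanted {wanted}")
    return sorted(findings)

HARDENED = "Protocol 2\nPasswordAuthentication no\nPubkeyAuthentication yes\n"

WEAK = """\
# constructed sample
protocol 2,1
PasswordAuthentication yes
PasswordAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(name, audit_sshd_config(cfg) or "ok")
```

In the WEAK sample the second PasswordAuthentication line never takes effect, which is why the audit reports the first one.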