[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mission impossible



On Thursday, May 19, 2005, 07:47:36, Kaj Mdkinen wrote:
>  ...
> Of courseI have PasswordAuthentication no , PubkeyAuthentication yes
> and  Protocol 2 in my sshd_config.

I (and I'm sure many others) chose the same options.

> An attackeron my open-bsd box gets the login prompt but no password 
> prompt withouth the keyfile.
> The error is then this:  Received disconnect from xxx.xxx.xxx.xxx 11: No 
> supported authentication methods available
> Won't this be a mission impossible to hack?

Impossible?  No, but it does up the anty.

Look  at  it from this point of view, a 'typed' password is somewhere in
the order of 100-bits of key generated from characters a user is willing
to type on their keyboard.

Compare that to a 1000-bit randomly generated keyfile.

Not impossible but a heck of a lot more effort to break.

-- 
rodd_(_at_)_polylogics_(_dot_)_com     "The avalanche has already started, it is too
Rod Dorman              late for the pebbles to vote."  Ambassador Kosh