Problems in Passphrase Quality


People encrypt private keys with poor passwords outside an administrator's control!

Example: SSH private keys in NFS home directories

Using sshow (from the dsniff suite) to sniff SSH traffic, I have identified users with unencrypted RSA keys to target

Using filesnarf (from the dsniff suite) and sshcrack (by ADM member stran9er), I have successfully recovered users' SSH private keys, both in the clear and encrypted with crappy passwords