[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: Safe to access SSH server from work?

On 5/6/11, Tom Furie <tom@furie.org.uk> wrote:

>> So the attacker needs to guess my private key instead of my password.
>> How does that make his life more difficult, assuming my password was
>> very strong?
>
> No, the attacker needs to HAVE your private key and KNOW the pass phrase
> for that key. Assuming you keep your key secure and have a decent pass
> phrase his life should be very difficult indeed.

He still needs to guess a string, just like he does when password
authentication is used. What am I missing? Probably a lot, but I'm not
very experienced in security matters.
Reply to: