
Re: OT: Safe to access SSH server from work?



George:
> On 5/6/11, Jochen Schulz <ml@well-adjusted.de> wrote:
> 
>> You can authenticate to an OpenSSH server using a password, or using a
>> keyfile. On the client side, simply run 'ssh-keygen' to create a
>> keypair.
> 
> So the attacker needs to guess my private key instead of my password.

Exactly.

> How does that make his life more difficult, assuming my password was
> very strong?

A keyfile is longer and contains more entropy. I doubt you are using a
password with 1024 bits of entropy, let alone 2048 or 4096. Even for
only 1024 bits of entropy you would need a passphrase of 128 characters
to match a keyfile's strength. And that's only if you assume your
password has an entropy of 8 bits per character, which probably isn't
the case (see here:
http://en.wikipedia.org/wiki/Password_strength#Random_passwords and the
table below that).

If an attacker has access to your passphrase-protected private key file,
security is of course reduced to your passphrase's strength, which puts
you into almost the same situation as with a login without a keyfile.

J.
-- 
I spend money without thinking on products and clothes that I believe
will enhance my social standing.
[Agree]   [Disagree]
                 <http://www.slowlydownward.com/NODATA/data_enter2.html>
