Re: OT: Safe to access SSH server from work?
On 5/6/11, Tom Furie <firstname.lastname@example.org> wrote:
>> So the attacker needs to guess my private key instead of my password.
>> How does that make his life more difficult, assuming my password was
>> very strong?
> No, the attacker needs to HAVE your private key and KNOW the pass phrase
> for that key. Assuming you keep your key secure and have a decent pass
> phrase his life should be very difficult indeed.
He still needs to guess a string, just like he does when password
authentication is used. What am I missing? Probably a lot, but I'm not
very experienced in security matters.