
Re: OT: Safe to access SSH server from work?

On Fri, May 6, 2011 at 15:08, Brian <ad44@cityscape.co.uk> wrote:
> On Fri 06 May 2011 at 13:48:23 +0300, Dotan Cohen wrote:
>> However, keys are good to prevent brute-force attacks. Think of it
>> like a 256-character password using the entire ASCII field. Also, keys
>> are not susceptible to keyloggers.
> I'm unsure whether you mean 'prevent' because neither keys nor passwords
> can stop brute forcing attempts. If you mean a key (256 characters) is
> stronger than a password (20 characters) I'd agree. But the key is no
> more secure than the password. Not unless the attacker has considerably
> more than the allotted three score years and ten to look forward to.
> George may be past caring by then, though.

Agreed, a strong password is good enough to prevent a brute force
attack for all practical purposes.

> Keyloggers would get the key passphrase too.

Useless without the key itself.

> And the USB stick would
> have its contents pilfered.


> So, keys don't appear to give any advantage
> over passwords on an untrusted machine.

Agreed that for purposes of saying "nothing was taken" then the key
gives no advantage. However, if the machine is only pilfering USB
contents (unlikely) or only has a keylogger (actually very likely)
then using a key will mitigate.

Dotan Cohen

