Re: OT: Safe to access SSH server from work?

To: Brian <ad44@cityscape.co.uk>
Cc: debian-user@lists.debian.org
Subject: Re: OT: Safe to access SSH server from work?
From: Dotan Cohen <dotancohen@gmail.com>
Date: Fri, 6 May 2011 15:51:32 +0300
Message-id: <[🔎] BANLkTin0NVnL70zyNrgvFqS2N1HiJx+jpw@mail.gmail.com>
In-reply-to: <[🔎] 20110506120852.GL13057@desktop>
References: <[🔎] BANLkTinFavrwh5NcWFcdJCE8+M-ja5=UXw@mail.gmail.com> <[🔎] 20110505214313.GK12860@wasteland.homelinux.net> <[🔎] BANLkTi=qGuM0ibNXhnaSwwZFdu7D1pzR0Q@mail.gmail.com> <[🔎] 20110506075429.GL12860@wasteland.homelinux.net> <[🔎] BANLkTikDTKmvC2hHN3LfLfs07o_xJiBN9w@mail.gmail.com> <[🔎] 20110506090219.GA8690@furie.org.uk> <[🔎] BANLkTimC0J4ZMR8LZpEDwNDSa5f=+-Nv4A@mail.gmail.com> <[🔎] BANLkTikoL+rPheqECU3136r8k=NwiJxeGw@mail.gmail.com> <[🔎] 20110506120852.GL13057@desktop>

On Fri, May 6, 2011 at 15:08, Brian <ad44@cityscape.co.uk> wrote:
> On Fri 06 May 2011 at 13:48:23 +0300, Dotan Cohen wrote:
>
>> However, keys are good to prevent brute-force attacks. Think of it
>> like a 256-character password using the entire ASCII field. Also, keys
>> are not susceptible to keyloggers.
>
> I'm unsure whether you mean 'prevent' because neither keys nor passwords
> can stop brute forcing attempts. If you mean a key (256 characters) is
> stronger than a password (20 characters) I'd agree. But the key is no
> more secure than the password. Not unless the attacker has considerably
> more than the allotted three score years and ten to look forward to.
> George may be past caring by then, though.
>

Agreed, a strong password is good enough to prevent a brute force
attack for all practical purposes.


> Keyloggers would get the key passphrase too.

Useless without the key itself.

> And the USB stick would
> have its contents pilfered.

Agreed.

> So, keys don't appear to give any advantage
> over passwords on an untrusted machine.
>

Agreed that for purposes of saying "nothing was taken" then the key
gives not advantage. However, if the machine is only pilfering USB
contents (unlikely) or only has a keylogger (actually very likely)
then using a key will mitigate.

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

Reply to:

References:
- OT: Safe to access SSH server from work?
  - From: George <pinkisntwell@gmail.com>
- Re: OT: Safe to access SSH server from work?
  - From: Jochen Schulz <ml@well-adjusted.de>
- Re: OT: Safe to access SSH server from work?
  - From: George <pinkisntwell@gmail.com>
- Re: OT: Safe to access SSH server from work?
  - From: Jochen Schulz <ml@well-adjusted.de>
- Re: OT: Safe to access SSH server from work?
  - From: George <pinkisntwell@gmail.com>
- Re: OT: Safe to access SSH server from work?
  - From: Tom Furie <tom@furie.org.uk>
- Re: OT: Safe to access SSH server from work?
  - From: George <pinkisntwell@gmail.com>
- Re: OT: Safe to access SSH server from work?
  - From: Dotan Cohen <dotancohen@gmail.com>
- Re: OT: Safe to access SSH server from work?
  - From: Brian <ad44@cityscape.co.uk>

Prev by Date: Re: OT: Safe to access SSH server from work?
Next by Date: Re: OT: Safe to access SSH server from work?
Previous by thread: Re: OT: Safe to access SSH server from work?
Next by thread: Re: OT: Safe to access SSH server from work?
Index(es):
- Date
- Thread