[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: Safe to access SSH server from work?

On Friday 6 May, 2011 05:08:52 Brian wrote:
> I'm unsure whether you mean 'prevent' because neither keys nor passwords
> can stop brute forcing attempts. If you mean a key (256 characters) is
> stronger than a password (20 characters) I'd agree. But the key is no
> more secure than the password. Not unless the attacker has considerably
> more than the allotted three score years and ten to look forward to.
> George may be past caring by then, though.

Can't you see what a difference the number and nature of characters means?  It's the difference between 10 years and a million years.

 
> Keyloggers would get the key passphrase too. And the USB stick would
> have its contents pilfered. So, keys don't appear to give any advantage
> over passwords on an untrusted machine.

Can't you see the difference between the unlikeliness of a malevolent hacker actually at the client machine, and one out there on The Internets?  It's the difference between your cubicle buddy Bob, and the Russians and Chinese.

No sir.  Keys are far more secure.
Reply to: