[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ssh clarification needed



Mike Cloaked wrote:
> 
> 
> Aaron Konstam wrote:
>>
>> Are you suggesting that decrypting the ssh keys are a feasable activity?
>> I doubt it.
>>
>>
> 
> I doubt it too - but having the keys means you can use them to login in as
> if the original owner!

Only if you can crack the pass phrase or the user was dumb enough to
create a private key without a pass phrase. (I have used them on
servers that need to connect to another server for a specific job,
but the other server is configured to run a specific command when
that key is used to connect.)

A brute force password cracker is going to have a hard time unless
someone picked a real poor pass phrase. You may have better luck if
you have information about the creater of the pass phrase. (Didn't
we have one list member that used his name as his password?) For
example, someone trying to crack my pass phrase would probably try
my full name, and the different signatures I use. (It would not
work, but it is a good place to start.)

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]