Mike Cloaked wrote: > > > Aaron Konstam wrote: >> >> Are you suggesting that decrypting the ssh keys are a feasable activity? >> I doubt it. >> >> > > I doubt it too - but having the keys means you can use them to login in as > if the original owner! Only if you can crack the pass phrase or the user was dumb enough to create a private key without a pass phrase. (I have used them on servers that need to connect to another server for a specific job, but the other server is configured to run a specific command when that key is used to connect.) A brute force password cracker is going to have a hard time unless someone picked a real poor pass phrase. You may have better luck if you have information about the creater of the pass phrase. (Didn't we have one list member that used his name as his password?) For example, someone trying to crack my pass phrase would probably try my full name, and the different signatures I use. (It would not work, but it is a good place to start.) Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup!
Description: OpenPGP digital signature