Re: tightening ssh

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/21/05, Wolfgang S. Rupprecht >
> Yup.  Setting up real public-key authentication is several hundred
> orders of magnitude stronger against guessing attacks than changing
> the ssh portnumbers or adding bad hosts into some IP level filter
> table and hoping the attackers won't guess a good password before they
> run out of IP addresses to test from.
>
> (And yes, I did really mean hundreds of orders of magnitude.  An
> attacker has 1 chance in 10**308 of guessing the 1024-bit public key
> on each try if they follow the same brute-force attack.  Given a
> billion tests per second and the whole age of universe up to this
> time, we are still only talking a 1 in 10**281 chance.)
>

Even harder, if there's a password on that key.  The other part of
this discussion, I thought, was the DoS-ability of these ssh attacks. 
That is, do these ssh attacks prevent legitmate users from accessing
regardless of the authentication mechanism configured for sshd?

--
Jiann-Ming Su
"I have to decide between two equally frightening options.
 If I wanted to do that, I'd vote." --Duckman
"The system's broke, Hank.  The election baby has peed in
the bath water.  You got to throw 'em both out."  --Dale Gribble


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux