[clug] Linux Security

Sam Couter sam at couter.id.au
Fri Jun 13 22:44:03 GMT 2008


Craig Small <csmall at enc.com.au> wrote:
> They still need to have your RSA key passphrase. It means that if you
> get/have one, it's no good unless you have the other. For something where
> you are going from one known host to another known host, it's great.

The biggest difference here between password and public key
authentication is that the private key passphrase can be cracked offline
and undetectably using the biggest computing cluster or botnet you can
get your hands on. Passwords can only be cracked online, and if you've
got something like fail2ban installed there are very few attempts
available.

Having said that, I still prefer public key authentication. Apart from
higher security (assuming I really can keep my private key private),
it's far more convenient when combined with ssh-agent.

Okay, so now I've mentioned ssh-agent. I think I'll stop short on the
discussion of the security implications of holding an unencrypted copy
of the private key in memory.
-- 
Sam Couter         |  mailto:sam at couter.id.au
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
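The cost of the offline attack Sam describes is set by how the key file protects the passphrase: the legacy PEM format derives the file-encryption key from a single MD5 pass over the passphrase, while the newer "openssh-key-v1" format uses bcrypt with a configurable round count (ssh-keygen's default is 16). The following inspector is an added example, not code from this thread or from OpenSSH; it parses only the unencrypted header of a key file, never the key material, and the sample keys it builds are constructed stand-ins containing no real key.

```python
import base64
import struct
from dataclasses import dataclass

MAGIC = b"openssh-key-v1\x00"   # fixed magic of the openssh-key-v1 format


@dataclass
class KeyProtection:
    fmt: str          # "openssh" (key-v1) or "pem" (legacy)
    encrypted: bool
    cipher: str       # cipher name from the header, "none" if unencrypted
    kdf: str          # "bcrypt", "none", or "md5-1-iteration" for legacy PEM
    rounds: int       # bcrypt rounds; 0 when not applicable


def _read_string(buf: bytes, off: int):
    """Read one SSH wire-format string (uint32 length prefix + bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def _parse_openssh_blob(blob: bytes) -> KeyProtection:
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    off = len(MAGIC)
    cipher, off = _read_string(blob, off)
    kdf, off = _read_string(blob, off)
    kdfopts, off = _read_string(blob, off)
    rounds = 0
    if kdf == b"bcrypt":
        # kdfoptions for bcrypt = string salt, uint32 rounds
        _salt, o = _read_string(kdfopts, 0)
        (rounds,) = struct.unpack_from(">I", kdfopts, o)
    return KeyProtection("openssh", cipher != b"none",
                         cipher.decode(), kdf.decode(), rounds)


def inspect_private_key(text: str) -> KeyProtection:
    """Classify a private key file's passphrase protection from its header only."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    body = lines[1:-1]
    if "OPENSSH PRIVATE KEY" in lines[0]:
        return _parse_openssh_blob(base64.b64decode("".join(body)))
    # Legacy PEM: encryption is signalled by Proc-Type / DEK-Info headers.
    encrypted = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in body)
    cipher = "none"
    for ln in body:
        if ln.startswith("DEK-Info:"):
            cipher = ln.split(":", 1)[1].strip().split(",")[0]
    return KeyProtection("pem", encrypted, cipher,
                         "md5-1-iteration" if encrypted else "none", 0)


GRADES = {
    "UNENCRYPTED": "no passphrase: anyone who reads the file has the key",
    "WEAK-LEGACY": "legacy PEM: one MD5 pass per guess, cheap to crack offline",
    "LOW-ROUNDS": "bcrypt below ssh-keygen's default of 16 rounds",
    "OK": "bcrypt-protected key-v1 file",
}


def assess(p: KeyProtection) -> str:
    if not p.encrypted:
        return "UNENCRYPTED"
    if p.fmt == "pem":
        return "WEAK-LEGACY"
    if p.kdf == "bcrypt" and p.rounds < 16:
        return "LOW-ROUNDS"
    return "OK"


def build_sample_openssh_key(cipher: str, kdf: str, rounds: int) -> str:
    """Constructed sample: an openssh-key-v1 blob with only the header fields
    filled in (zero keys, no key material), wrapped in PEM armour."""
    def s(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    kdfopts = (s(b"\x00" * 16) + struct.pack(">I", rounds)) if kdf == "bcrypt" else b""
    blob = (MAGIC + s(cipher.encode()) + s(kdf.encode()) + s(kdfopts)
            + struct.pack(">I", 0) + s(b""))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.encodebytes(blob).decode()
            + "-----END OPENSSH PRIVATE KEY-----\n")


# Constructed legacy sample: headers only, the body is not real key material.
LEGACY_ENCRYPTED_SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF

AAAA
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for name, key in [("strong", build_sample_openssh_key("aes256-ctr", "bcrypt", 100)),
                      ("plain", build_sample_openssh_key("none", "none", 0)),
                      ("legacy", LEGACY_ENCRYPTED_SAMPLE)]:
        grade = assess(inspect_private_key(key))
        print(f"{name:7s} {grade:12s} {GRADES[grade]}")
```

Run it against a real file with `inspect_private_key(open(path).read())`. A key that grades WEAK-LEGACY or LOW-ROUNDS can be re-encrypted in place with a higher work factor using `ssh-keygen -p -a 100 -f <keyfile>` (the `-o` flag forces the key-v1 format on older OpenSSH releases); that does nothing for the ssh-agent concern at the end of the message, since the agent holds the decrypted key regardless of how the file was protected.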