Bugtraq mailing list archives
Re: brute force
From: Marc_Mosko () jfrank COM (Marc Mosko/jfrank/us)
Date: Thu, 6 Jun 1996 03:23:08 -0400
Jeff Uphoff said about ssh:
No passwords (not even for a fallback)--only already-locally-known keys can get you in. Makes for pretty tough cracking, especially if you protect those keys with nice long pass-phrases and never type them over a network or into a non-secured xterm, etc....
The TIS Firewall Toolkit is similar and allows for S/Key one-time passwords which are very difficult to brute-force. They are generally about 5 english words, each used only one time. The weakness lies in how users renew their password lists and where/how the lists are stored by the user.... Marc Mosko J. Frank Consulting
Current thread:
- Re: brute force Jeff Uphoff (Jun 05)
- <Possible follow-ups>
- Re: brute force Marc Mosko/jfrank/us (Jun 06)