Re: brute force

[Marc_Mosko () jfrank COM (Marc Mosko/jfrank/us)]

Jeff Uphoff said about ssh:
> No passwords (not even for a fallback)--only already-locally-known keys
> can get you in.  Makes for pretty tough cracking, especially if you
> protect those keys with nice long pass-phrases and never type them over
> a network or into a non-secured xterm, etc....

The TIS Firewall Toolkit is similar and allows for S/Key one-time passwords
which are very difficult to brute-force.  They are generally about 5 english
words, each used only one time.  The weakness lies in how users renew their
password lists and where/how the lists are stored by the user....

Marc Mosko
J. Frank Consulting