Vulnerability Development mailing list archives
ssh
From: -l0rt- <simon () snosoft com>
Date: Wed, 6 Feb 2002 15:06:19 -0500 (EST)
Hey guys,
I have heard some rumors about cracking ssh2 sessions in transit
when using password auth. I am currently considering ssh2 3.1.0 and am
interested in using both pub key auth as well as password auth for some
other systems.
When using password auth, how difficult would it be for someone to
sniff my connection and extract/crack my password? I only ask because
someone mentioned that it would not be too difficult. What are the
primary differences between password auth and pubkey? Is using password
auth really that much less secure? Please give me the details..
-l0rt-
---------------------------------------------------------------------
Disclaimer: Any resemblance between the above views and those of
my employer, my terminal, or the view out my window are purely
coincidental. Any resemblance between the above and my own views is
non-deterministic. The question of the existence of views in the
absence of anyone to hold them is left as an exercise for the reader.
The question of the existence of the reader is left as an exercise for
the second god coefficient. (A discussion of non-orthogonal,
non-integral polytheism is beyond the scope of this article.)
---------------------------------------------------------------------
Current thread:
- ssh -l0rt- (Feb 06)
- Re: ssh Jose Nazario (Feb 06)
- Re: ssh -l0rt- (Feb 06)
- Re: ssh Jose Nazario (Feb 06)
- Re: ssh Jose Nazario (Feb 06)
- Re: ssh Olaf Kirch (Feb 07)
- Re: ssh Jose Nazario (Feb 07)
- Re: ssh Michal Zalewski (Feb 07)
- HTTP 1.1 TRACE Command Clinton Smith (Feb 07)
- Re: HTTP 1.1 TRACE Command Clinton Smith (Feb 08)
- Re: ssh -l0rt- (Feb 06)
- Re: ssh Jose Nazario (Feb 06)