public inbox for gentoo-user@lists.gentoo.org
From: Michael Orlitzky <mjo@gentoo.org>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] OpenSSH upgrade warning
Date: Tue, 10 Nov 2015 11:26:32 -0500
Message-ID: <56421AB8.1080003@gentoo.org>
In-Reply-To: <1702148.kV3uT6Ls87@andromeda>

On 11/10/2015 11:13 AM, J. Roeleveld wrote:
> 
> What would take longer?
> brute-forcing your root-password or a 4096 byte ssh key?
> 

My password, by a lot. The password needs to be brute-forced over the
network, first of all.

And a 4096-bit public encryption key doesn't provide 4096 bits of
security -- you're thinking of symmetric encryption. Regardless, if
someone is brute-forcing passwords, it would take them "twice" as long
to brute-force both my root password and the password on my SSH key as
it would to do the root password alone. I can do better than 2x by
adding a character to my password. And that's pointless, because it
would already take forever. No-more-Earth forever.


> 
>> All of the good attacks (shoot me, bribe me, steal the hardware, etc.)
>> that I can think of work just fine against the two-factor auth. The only
>> other way to get the root password is to be there when I transfer it
>> from my brain to the terminal, in which case you have the SSH key, too.
> 
> The ssh-key is stored on your desktop/laptop. Secured with a passphrase.
> 

If my machine is compromised, the attacker can see both the SSH key
password when I type it, and the root password when I type that.


