Intrusion Update
susmit shannigrahi
thinklinux.ssh at gmail.com
Mon Mar 30 16:05:36 UTC 2009
On Mon, Mar 30, 2009 at 9:22 PM, Damian Myerscough
<damian.myerscough at gmail.com> wrote:
> I have just done some research on SSH and S/Key and I read that S/Key cannot
> withstand a brute forced attack [1]
>
> [1] http://www.gentoo-wiki.info/OpenSSH_skey
True, but We can lock out an account after 10 (or 100) invalid attempts.
Brute-force will require more than that number of attempts.
A six latter password will require few hundred (~380) million generations.
--
Regards,
Susmit.
=============================================
ssh
0x86DD170A
http://www.fedoraproject.org/wiki/user:susmit
=============================================
Sent from: Calcutta WB India.
More information about the infrastructure
mailing list