Assuming the attacker cannot sniff which ports you're using (i.e. they
have to attack blindly), using a sequence of ports could be considered
also a password of a kind, with a *64K* alphabet.
Posted Oct 28, 2007 20:58 UTC (Sun) by njs (guest, #40338)
Yes. I'm not sure what your point is, though -- I already agreed that adding port knocking is
like making your password longer, and there's nothing magical about a 64K alphabet. It just
means that a single knock gives you about 16 bits of entropy, as compared to 6 bits from a
random ASCII character, so 1 knock gives a bit less than 3 (good) password characters. Or...
you can just use a 4096-bit key and be done with it.
Nitpicking (Preventing brute force ssh attacks)
Posted Oct 28, 2007 21:02 UTC (Sun) by njs (guest, #40338)
Oh, right, and I should have also pointed out -- passwords/keys remain safe even if the attacker
is allowed to sniff all they want; no extra work is required to be secure in that case.