Nitpicking (Preventing brute force ssh attacks)


Posted Oct 28, 2007 17:36 UTC (Sun) by oak (guest, #2786)
In reply to: Nitpicking (Preventing brute force ssh attacks) by njs
Parent article: Preventing brute force ssh attacks

Assuming the attacker cannot sniff which ports you're using (i.e. they
have to attack blindly), using a sequence of ports could also be
considered a password of a kind, with a *64K* alphabet.



Nitpicking (Preventing brute force ssh attacks)

Posted Oct 28, 2007 20:58 UTC (Sun) by njs (guest, #40338)

Yes.  I'm not sure what your point is, though -- I already agreed that adding port knocking is
like making your password longer, and there's nothing magical about a 64K alphabet.  It just
means that a single knock gives you about 16 bits of entropy, as compared to 6 bits from a
random ASCII character, so 1 knock gives a bit less than 3 (good) password characters.  Or...
you can just use a 4096-bit key and be done with it.

Nitpicking (Preventing brute force ssh attacks)

Posted Oct 28, 2007 21:02 UTC (Sun) by njs (guest, #40338)

Oh, right, and should have also pointed out -- passwords/keys remain safe even if the attacker
is allowed to sniff all they want, no extra work is required to be secure in that case.

