On Fri, May 6, 2011 at 12:23, George <pinkisntw...@gmail.com> wrote: >> No, the attacker needs to HAVE your private key and KNOW the pass phrase >> for that key. Assuming you keep your key secure and have a decent pass >> phrase his life should be very difficult indeed. > > He still needs to guess a string, just like he does when password > authentication is used. What am I missing? Probably a lot, but I'm not > very experienced in security matters. >
That is why the key is something you KNOW, not something you HAVE. If one can capture your password locally, then one can capture your key locally. However, keys are good to prevent brute-force attacks. Think of it like a 256-character password using the entire ASCII field. Also, keys are not susceptible to keyloggers. -- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/BANLkTikoL+rPheqECU3136r8k=nwijx...@mail.gmail.com
