On 2/3/2017 12:43 PM, Dan Ritter wrote: > a) it has a zero-latency, no penalty for wrong-guesses method of > trying passwords
In this case security depends almost entirely on intrusion prevention systems. > b) it has the hash of the passphrase in front of it and is generating > matches. And in this case, after case a has failed, password quality becomes a relevant factor. At this point a 521-bit ECDSA key, comparable to AES-256 in terms of key strength, is vastly stronger than anything you can keep in your head. On 2/3/2017 1:20 PM, Kent Borg wrote: > You are confusing (1) a password used as a password, and (2) a > passphrase used for an encryption key. They are completely different. Rather, you are assuming that Dan's case b will never happen whereas I'm assuming that it will. There is no difference at all once case b happens. I'm not a proponent of SSH keys per se. I'm an opponent of passwords. They suck. They're a bad habit that the computer industry should have long since abandoned. I prefer using SSH keys because they suck less than using passwords and nobody has come up with anything better. -- Rich P. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
