> Date: Mon, 30 Mar 2009 16:52:24 +0100 > From: Damian Myerscough <[email protected]> > To: Mike McGrath <[email protected]> > Cc: Fedora Infrastructure <[email protected]> > Subject: Re: Intrusion Update > > I have just done some research on SSH and S/Key and I read that S/Key cannot > withstand a brute forced attack [1] > > [1] http://www.gentoo-wiki.info/OpenSSH_skey
In addition, skey-like authentication schemes only work if the end users of aren't automating their login process and keep the skey-like program on a separate system like a pda. Believe me, if you implement an skey-alike you will have users dumb enough to automate their login processes and run the skey-like calculator on the same machine they are logging in from. -- Matthew Galgoci Network Operations Red Hat, Inc 919.754.3700 x44155 _______________________________________________ Fedora-infrastructure-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
