same user password somewhere else.

The whole point of ssh is to prevent this sort of thing, by
encrypting the message traffic over this insecure communication

I think most people using ssh already know it. or maybe not?:)

 An attacker may be able to intercept the encrypted
traffic, but it will take a skilled cryptanalyst and a lot of CPU
time -- or the attacker will have to be very lucky -- to decrypt
the message and recover the passwords while they are still valid.

All of this things are strong enough to require billions of years to crack or more.

From the beginning my point of this discussion is to stop stupidly
repeating "golden rules" like

- program a is secure
- program b is insecure
- so just don't use program b

Because it teaches people not to think.

There are difference between "insecure program" and "program without extra security".

(You *do* change passwords periodically, don't you?)

Of course!
_______________________________________________ mailing list
To unsubscribe, send any mail to ""

Reply via email to