same user password somewhere else.
The whole point of ssh is to prevent this sort of thing, by
encrypting the message traffic over this insecure communication
channel.
I think most people using ssh already know it. or maybe not?:)
An attacker may be able to intercept the encrypted
traffic, but it will take a skilled cryptanalyst and a lot of CPU
time -- or the attacker will have to be very lucky -- to decrypt
the message and recover the passwords while they are still valid.
All of this things are strong enough to require billions of years to
crack or more.
From the beginning my point of this discussion is to stop stupidly
repeating "golden rules" like
- program a is secure
- program b is insecure
- so just don't use program b
Because it teaches people not to think.
There are difference between "insecure program" and "program without extra
security".
(You *do* change passwords periodically, don't you?)
Of course!
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
