On Wednesday 28 June 2006 06:13, Ian Cheong wrote:
> When comparing port knocking to RSA keys:
> 3 knocks from 65536 possible ports results in probability of guessing
> at 1 in 2.8 x10^^14.
> 512-bit RSA key results in probability of guessing at 1 in 1.34x10^^154.
> 1024-bit RSA key default in ssh-keygen results in a very low
> probability (try squaring the number on the last line) of a brute
> force attack.
>
> I guess that's why port knocking is reported as not quite taking off
> yet in the security community.

A bit like saying "that's why bananas haven't taken off as combat weapons".

Port knocking is a simple yet most efficient method to thwart script kiddies
using out-of-the-box "cracking kits". It also enables banning IP numbers
originating probing attacks in a very simple and efficient way.

It is *NOT* a substitute for authentication, never has been intended to be one.

Horst
_______________________________________________
Gpcg_talk mailing list
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
