Andreas Hasenack <[EMAIL PROTECTED]> wrote: [snip] >> Yes, but you're forcing the attacker to be more active and so you can >> try to detect her. > > "But I switched to kerberos so that, among other things, I wouldn't have > to worry about sniffers" :)
No secret is 100% secure. Someone could type random stuff that happens to be the correct response to a Kerberos challenge. Someone could find a bit of metal in the junkyard that happens to open your front door lock. The most we can say is that success in single events such as these is wildly improbable. You still need to keep an eye on that door, no matter how good your lock is, but you can check less often and the bad guys still know that they should be detected before they can pick the lock. You switch to Kerberos so that you don't have to worry *as much* about sniffers. -- Mark H. Wood, Lead System Programmer [EMAIL PROTECTED] Our lives are forever changed. But *that* is exactly as it always was.
