On Fri, Jan 28, 2005 at 10:36:22PM -0800, Stewart Stremler spake thusly:
> begin quoting Gregory K. Ruiz-Ade as of Fri, Jan 28, 2005 at 01:46:35PM -0800:
> [snip]
> > Who, if you're using PubkeyAuthentication, will only see an encrypted
> > burst of data between your laptop and the host you're connecting to.
> > So there's a good argument to setting that up and denying all passwords?

I consider the chances of anyone actually brute forcing a password by entering at the login prompt extremely remote. I can't think of a single case I have ever seen where that actually happened if the password was not set to some incredibly stupid default or "password". Especially given that password delays a few seconds after each attempt, a dictionary or brute force attack will surely take ages. So I am not sure it is really worth the hassle of occasionally not being able to log into your own box. The only real attack I can see this stopping is that of someone brute-forcing the password hash from a stolen /etc/passwd file. Although it would give me a real good reason to carry around my USB keychain drive with my keys on it.

-- 
Tracy Reed
http://ultraviolet.org
This message is cryptographically signed for your protection.
Info: http://copilotconsulting.com/sig

-- 
KPLUG-List mailing list
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
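
One way to measure, on your own host, how much password guessing the login prompt discussed in this thread actually receives: an added example, not part of the original message, that counts failed sshd password attempts per source address and tallies successful logins by method. The log lines are constructed samples in the usual OpenSSH syslog format, and the function names and thresholds are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE_LOG = """\
Jan 28 22:10:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 28 22:10:04 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 28 22:10:07 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 28 22:11:15 host sshd[2110]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Jan 28 22:11:30 host sshd[2110]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Jan 28 22:12:00 host sshd[2120]: Accepted publickey for bob from 192.0.2.44 port 60001 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (password|publickey) for (\S+) from (\S+) port \d+")


def summarize(log_text):
    """Return (failures per source, usernames tried per source, logins per method)."""
    failures = Counter()
    targets = {}
    accepted = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            failures[src] += 1
            targets.setdefault(src, set()).add(user)
            continue
        m = ACCEPTED.search(line)
        if m:
            accepted[m.group(1)] += 1
    return failures, targets, accepted


def guessing_sources(log_text, min_failures=3, min_users=2):
    """Sources with many failures spread over several usernames.

    The thresholds are assumed values; one user mistyping a password
    (a single failure on a single account) stays below them.
    """
    failures, targets, _ = summarize(log_text)
    return sorted(src for src, n in failures.items()
                  if n >= min_failures and len(targets[src]) >= min_users)


if __name__ == "__main__":
    print(guessing_sources(SAMPLE_LOG))
```

If `PasswordAuthentication no` is set in `sshd_config`, the "Accepted password" count should stay at zero, which makes that tally a quick check that the change took effect.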
