Re: Newbie question: SSH2 and public-key authentication safe?
From: Markus Friedl (msfriedl@cip.informatik.uni-erlangen.de)Date: 01/26/02
- Next message: Markus Friedl: "Re: sshd [871] random session key or cracked?"
- Previous message: KJdkjlfls: "Newbie question: SSH2 and public-key authentication safe?"
- In reply to: KJdkjlfls: "Newbie question: SSH2 and public-key authentication safe?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: msfriedl@cip.informatik.uni-erlangen.de (Markus Friedl) Date: 26 Jan 2002 09:27:15 GMT
>For example#1, what if the WalletInspector steals my public-key (my
>private key is still safe.) If he has my public-key, is that
>enough for him to 'impersonate' my identity, and attempt to login
>to the SSH2 server?
no. he needs the unencrypted private key.
>For example#2, let's say the WalletInsepctor steals BOTH my
>public-key and private-key. By comparing the private-key and
>public-key, can he reconstruct the passphrase?
no. he needs the to start a brute force attack (e.g.
try words from a dictionary) against the encrypted
private key.
- Next message: Markus Friedl: "Re: sshd [871] random session key or cracked?"
- Previous message: KJdkjlfls: "Newbie question: SSH2 and public-key authentication safe?"
- In reply to: KJdkjlfls: "Newbie question: SSH2 and public-key authentication safe?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
