Re: john the ripper for private keys?
From: Bernd Schubert (bernd-schubert_at_web.de)
Date: 03/15/04
- Previous message: all mail refused: "Re: john the ripper for private keys?"
- In reply to: all mail refused: "Re: john the ripper for private keys?"
- Next in thread: Richard E. Silverman: "Re: john the ripper for private keys?"
- Reply: Richard E. Silverman: "Re: john the ripper for private keys?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 15 Mar 2004 23:00:50 +0100
>
>>Actually I think it would be pretty easy to make ssh-add and ssh-agent not
>>to like empty or too easy passwords as default (the same way as most
>>passwd's currently do).
>
> How will you ensure people use your version of those programs ?
> Access control belongs on the server.
>
Of course every version should have those tests. Users who use weak
passwords usually don't patch programs to be able to use weak passwords, do
they? ;)
I think using the ssh-agent is a good way to be able to type one's password
only once. However it can be pretty insecure since users can have weak or
even empty passwords for their keys. I'm just looking for a way to ensure
our users have proper passwords.
Bernd
- Previous message: all mail refused: "Re: john the ripper for private keys?"
- In reply to: all mail refused: "Re: john the ripper for private keys?"
- Next in thread: Richard E. Silverman: "Re: john the ripper for private keys?"
- Reply: Richard E. Silverman: "Re: john the ripper for private keys?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
