Re: Does Public Key Authentication offer additional security over SSH/SFTP

From: Anne & Lynn Wheeler <lynn@xxxxxxxxxx>
Date: Sat, 16 Dec 2006 15:45:09 -0700

Darren Tucker <dtucker@xxxxxxxxxxxxxxxx> writes:

Root can also trivally copy the private key and perform an offline
dictionary attack to determine the passphrase. This probably won't
take long for simple passphrases.

arcot
http://www.arcot.com/

was demo'ing private key file cracks at rsa '98 ... avg. time was
something like 30 seconds. they showed lots of vulnerabilities that
attackers (not just root) could obtain/harvest files off of PCs. they
also demo'ed a countermeasure that it made it significantly more
difficult for an attacker doing brute force attack on private key
file.

at the time, some were expecting that chip-based containers (for
private keys) were just momentarily around the corner ... and the
private key file scenarios were supposedly just emulating real chip
containers (pending the availability of the real thing).
.

References:
- Does Public Key Authentication offer additional security over SSH/SFTP
  - From: Marty W
- Re: Does Public Key Authentication offer additional security over SSH/SFTP
  - From: Chuck
- Re: Does Public Key Authentication offer additional security over SSH/SFTP
  - From: Unruh
- Re: Does Public Key Authentication offer additional security over SSH/SFTP
  - From: Chuck
- Re: Does Public Key Authentication offer additional security over SSH/SFTP
  - From: Richard E. Silverman
- Re: Does Public Key Authentication offer additional security over SSH/SFTP
  - From: Darren Tucker

Prev by Date: Re: Does Public Key Authentication offer additional security over SSH/SFTP
Next by Date: Re: What is the difference between ftp encryption types SSL, TLS, SFTP and SSH ?
Previous by thread: Re: Does Public Key Authentication offer additional security over SSH/SFTP
Next by thread: Re: Does Public Key Authentication offer additional security over SSH/SFTP
Index(es):
- Date
- Thread

Relevant Pages

Re: usefulness of changing ssh ports
... RY> So, it you DO use a passphrase to protect your keys, then the ... RY> chance of a successful attack are about the same as guessing your ... I'd say that overall, publickey is stronger, but there are other ... your private key file, ...
(comp.security.ssh)
Re: Feature request
... >>the passphrase? ... the private key file on disk is the private key encrypted with the ...
(comp.security.ssh)
Re: usefulness of changing ssh ports
... RY> So, it you DO use a passphrase to protect your keys, then the ... RY> chance of a successful attack are about the same as guessing your ... I'd say that overall, publickey is stronger, but there are other ... your private key file, ...
(comp.security.ssh)
RE: PuTTY SSH w/o a Password
... (without being prompted for a passphrase) ... Saved the private key to the putty directory as id_dsa1.PPK ... and changed the private key file to use the null ... Connect to ssh server. ...
(RedHat)
Re: Main Reason for Using PKA?
... I'm at a loss to understand your confusion. ... you need to know your own passphrase if you want to use key-based ... "the remote user has to be in possesion of private key" ... access to your private key file. ...
(comp.sys.mac.system)