Re: Searching for a special challenge&response algorithm
- From: Jan Peter Stotz <jp_news@xxxxxx>
- Date: Mon, 1 May 2006 10:17:34 +0200
David Sharpe wrote:
> Mr. Unruh is right. You're making this problem needlessly
> complex/imagining a problem that is hardly there.
That may be. But from my point of view you are making too many assumptions
which are incorrect in my case.
> Server side, only accept an authentication request PER ACCOUNT once
> every thirty seconds.
That is a nice way if your account names cannot be easily guessed.
Otherwise it is a perfect starting point for a DoS attack...
> In other words, each user needs his OWN private
> authentication key.
As I said, I don't talk about SSH. I do not have the possibility to use
public key authentication and I do not have personalized accounts.
> If you are trying to consider an account where multiple users are using
> the same key, then your security problem is already bigger than a
> simple brute force attack. However, if you NEED this to be the case,
> then yes, as Mr. Moreno goes on to say: block per IP. One thousand
> connections would require one thousand IPs.
And clients which connect through a proxy are seen on this per-IP basis as
one client, which is definitely wrong. This is why I want to use something
which belongs only to one client.
Jan
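The two throttling policies argued over in this exchange (one attempt per account every thirty seconds, versus blocking per IP) each have a failure mode the thread names: the first lets anyone who knows an account name keep its real owner locked out, the second treats every user behind one proxy as a single client. The following model is an added example, not code from the thread or from any of its participants; it replays a small constructed traffic trace (RFC 5737 documentation addresses, invented account names) through a generic one-attempt-per-window throttle keyed three ways. The third key, account plus source address, is my own addition to show a common middle ground, not something the thread proposes.

```python
"""Toy model of the authentication throttling strategies discussed above."""
from typing import Dict, Hashable, Tuple, Callable


class AttemptThrottle:
    """Allow at most one authentication attempt per key every `window` seconds.

    The key chooses the policy: account name, client IP, or a tuple of both.
    Time is passed in explicitly so the replay is deterministic and testable."""

    def __init__(self, window: float = 30.0) -> None:
        self.window = window
        self._last: Dict[Hashable, float] = {}

    def allow(self, key: Hashable, now: float) -> bool:
        last = self._last.get(key)
        if last is not None and now - last < self.window:
            return False  # still inside the quiet period for this key
        self._last[key] = now
        return True


# Constructed sample traffic (assumption, not real data):
# (time in seconds, account, source IP, is_legitimate).
# A hostile host at 203.0.113.9 keeps poking the "alice" account, while the
# real alice and bob both reach the server through one proxy at 198.51.100.7.
TRAFFIC: Tuple[Tuple[float, str, str, bool], ...] = (
    (0.0,  "alice", "203.0.113.9",  False),   # hostile probe of alice
    (5.0,  "alice", "198.51.100.7", True),    # real alice, 5 s later, via proxy
    (6.0,  "bob",   "198.51.100.7", True),    # real bob, same proxy, 1 s later
    (10.0, "alice", "203.0.113.9",  False),   # hostile probe inside the window
    (40.0, "alice", "203.0.113.9",  False),   # hostile probe after the window
    (45.0, "alice", "198.51.100.7", True),    # real alice tries again
)

# Keying policies: the first two are the ones debated in the thread, the
# third (account + IP) is an added middle ground for comparison.
POLICIES: Dict[str, Callable[[str, str], Hashable]] = {
    "per_account":    lambda acct, ip: acct,
    "per_ip":         lambda acct, ip: ip,
    "per_account_ip": lambda acct, ip: (acct, ip),
}


def run_policy(name: str, window: float = 30.0) -> Dict[str, int]:
    """Replay TRAFFIC under one keying policy and count, separately for
    legitimate users and for the hostile host, how often the throttle
    allowed or blocked the attempt."""
    key_of = POLICIES[name]
    throttle = AttemptThrottle(window)
    stats = {"legit_allowed": 0, "legit_blocked": 0,
             "hostile_allowed": 0, "hostile_blocked": 0}
    for now, acct, ip, legit in TRAFFIC:
        allowed = throttle.allow(key_of(acct, ip), now)
        who = "legit" if legit else "hostile"
        stats[f"{who}_{'allowed' if allowed else 'blocked'}"] += 1
    return stats


def compare_policies() -> Dict[str, Dict[str, int]]:
    """Run every policy over the same trace so the trade-off is visible."""
    return {name: run_policy(name) for name in POLICIES}


if __name__ == "__main__":
    for policy, stats in compare_policies().items():
        print(f"{policy:16s} {stats}")
```

Under `per_account` the real alice is blocked both times because a hostile request landed first; under `per_ip` bob is blocked only because he shares the proxy with alice; keying on the pair lets every legitimate attempt in this trace through while still rejecting the probe that arrives inside the window. The combined key is no cure-all (one hostile host per account and source address still gets its window), but it shows why the choice of throttling key, rather than the window length, is what decides which users get hurt.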