[lug] root password

David L. Anselmi anselmi at anselmi.us
Thu Aug 3 18:59:57 MDT 2006


Rob Nagler wrote:
> David L. Anselmi writes:
[...]
>>It's much easier to crack your password after compromising the remote 
>>machine than it is to crack your private key (stored on your 
>>laptop)--that's why turning off password authentication is a good
>>thing.
> 
> I don't think the logic adds up.
[...]
> To crack your key with a remote exploit, you need:
> 
> CrackB = (Crack(Lock(0:1)) + Crack(Lock(0:2))) * Crack(3DES)

Thanks for the straw man but the logic does add up.

Let me rephrase without all the convoluted math.  It is easier to 
determine a password from its MD5 hash than to determine a private (RSA) 
key from its public key.

Dave



More information about the LUG mailing list