[lug] root password
David L. Anselmi
anselmi at anselmi.us
Thu Aug 3 18:59:57 MDT 2006
Rob Nagler wrote:
> David L. Anselmi writes:
[...]
>>It's much easier to crack your password after compromising the remote
>>machine than it is to crack your private key (stored on your
>>laptop)--that's why turning off password authentication is a good
>>thing.
>
> I don't think the logic adds up.
[...]
> To crack your key with a remote exploit, you need:
>
> CrackB = (Crack(Lock(0:1)) + Crack(Lock(0:2))) * Crack(3DES)
Thanks for the straw man but the logic does add up.
Let me rephrase without all the convoluted math. It is easier to
determine a password from its MD5 hash than to determine a private (RSA)
key from its public key.
Dave
More information about the LUG
mailing list