> Date: Mon, 30 Mar 2009 16:52:24 +0100 > From: Damian Myerscough <damian.myerscough@xxxxxxxxx> > To: Mike McGrath <mmcgrath@xxxxxxxxxx> > Cc: Fedora Infrastructure <fedora-infrastructure-list@xxxxxxxxxx> > Subject: Re: Intrusion Update > > I have just done some research on SSH and S/Key and I read that S/Key cannot > withstand a brute forced attack [1] > > [1] http://www.gentoo-wiki.info/OpenSSH_skey In addition, skey-like authentication schemes only work if the end users of aren't automating their login process and keep the skey-like program on a separate system like a pda. Believe me, if you implement an skey-alike you will have users dumb enough to automate their login processes and run the skey-like calculator on the same machine they are logging in from. -- Matthew Galgoci Network Operations Red Hat, Inc 919.754.3700 x44155 _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
