Florin Andrei <florin@xxxxxxxxxxxxxxx> said: > http://www.schneier.com/blog/archives/2005/05/the_potential_f.html > > I can't test it right now, but i wonder - what's the default setting on > FC4, hash the hosts or not? AFAIK, no OpenSSH has ever used a hash of the host names. Neither has closed SSH, for that matter. And I see this as a very mild problem. Yes, for example I have the same password on a group of machines (small wonder, it's the same account handled via LDAP + NFS), so cracking one gives access to the others. But if they cracked my password here they could just try it on "nearby" machines, with even better results: I haven't connected to all the machines that share my account. Yes, I also do have accounts on remote machines. The accounts are not necesarily called the same as this one, and their passwords are different too. The /real/ risk is having the same account across machines. I'm quite happy with it for my personal use. For managing (some of) the machines themselves I'm not so happy (but they aren't critical, so this is not a huge risk either). -- Dr. Horst H. von Brand User #22616 counter.li.org Departamento de Informatica Fono: +56 32 654431 Universidad Tecnica Federico Santa Maria +56 32 654239 Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513 -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-devel-list
