de-peering for security sake
- Subject: de-peering for security sake
- From: mpetach at netflight.com (Matthew Petach)
- Date: Sat, 26 Dec 2015 22:06:29 -0800
- In-reply-to: <[email protected]>
- References: <278703070.5666.1451139598778.JavaMail.mhammett@ThunderFuck> <[email protected]> <-1680641458761921693@unknownmsgid> <[email protected]> <CAEmG1=qXi4Qq=Othy-dVD_94hy5HHee2R=b1=pPO9kVy0oLYFg@mail.gmail.com> <[email protected]> <CAPkb-7Cab3=2Xzmnx6+CJA0B7wBh-pfLOUXVEgFphCWetqfX4w@mail.gmail.com> <[email protected]>
On Sat, Dec 26, 2015 at 6:37 PM, Owen DeLong <owen at delong.com> wrote:
>> On Dec 26, 2015, at 15:54 , Baldur Norddahl <baldur.norddahl at gmail.com> wrote:
>>
[...]
>> The key approach is still better. Even if the password is 123456 the
>> attacker is not going to get in, unless he somehow stole the key file.
>
> Incorrect? It is possible the attacker could brute-force the key file.
>
> A 1024 bit key is only as good as a ~256 character passphrase in terms of entropy.
>
> If you are brute force or otherwise synthesizing the private key, you do not need
> the passphrase for the on-disk key. As was pointed out elsewhere, the passphrase
> for the key file only matters if you already stole the key file.
>
> In terms of guessing the private key vs. guessing a suitably long pass phrase, the
> difficulty is roughly equivalent.
Intriguing point. I was thinking about it
from the end-user perspective; but you're
right, from the bits-on-the-wire perspective,
it's all just a stream of 1's and 0's, whether
it came from a private key + passphrase
run through an algorithm or not.
Thanks for the reminder to look at it from
multiple perspectives. ^_^
Matt