On 1/17/19 11:53 AM, James Knott wrote:
On 01/17/2019 02:48 PM, Lew Wolfgang wrote:
Well, doesn't all security rely on obscurity? The goal should be to increase obscurity as much as possible. Crypto keys can be guessed, if you can throw enough guesses. Actually, no. The method can be open, provided the keys are secret. Given the size of current keys, they'd take a huge amount of guessing.
Yes, of course, but theoretically possible to guess nevertheless. The risk of there being a vulnerability in the sshd daemon is probably greater, which is why a bad guess filter is also a good idea, along with firewall ACL's to limit who can connect (if appropriate for the requirements, of course). Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org