[ILUG] SSH dictionary attacks.
Aine Douglas
aine.douglas at gmail.com
Wed Aug 23 22:19:14 IST 2006
On 8/23/06, paul at clubi.ie <paul at clubi.ie> wrote:
> > You can actually control the pasphrases used to protect keys if you
> > issue the keys from a corporate controlled CA,
>
> No you can't, not for ssh keys in the actual "SSH key" sense!
>
> You might be able to issue secret keys to users with 'good'
> pass-phrases on them, but the user has full power over the key,
> including power to change that annoying IT-issued pass-phrase to
> something they can remember a bit easier.
I'd challenge that. The largest, and probably disproportionately most
expensive PKI system in Ireland is operated by the Revenue
Commissioners allowing the general public deal with them
electronically.
They issue you with a digital cert and private key in PKCS12 format
from their CA for you to sign all online dealing with them in a non
repudable fashion.
Sing up at www.ros.ie and try and change the password for that PKCS12
file outside of the ROS system. Can't be done with any PKCS12 tool
available.
Similar devices are at the disposal of all CA operators....
Aine.
More information about the ILUG
mailing list