[ILUG] SSH dictionary attacks.
paul at clubi.ie
paul at clubi.ie
Sun Aug 27 17:29:02 IST 2006
Just to point out another point of mine you overlooked:
On Sun, 27 Aug 2006, Aine Douglas wrote:
> On 8/27/06, paul at clubi.ie <paul at clubi.ie> wrote:
>> Simply put: If the public key crypto is done in software on the host,
>> it's just unavoidable for the secret key to end up in user-readable
>> memory as things stand.
^^^^^^^^^^^^^^^
> Technologies have moved on since you've learned this one.
^^^^^^^^^^^^^^
No they havn't. I was specific in referring to systems /today/.
Also, you are conflating expertise with control.
You seem to assume that because the vast majority of users do not
have the expertise required to exert their control of the /original/
software, that therefore they have no control.
You are wrong. Just look go look at some of the other fields of
software-only "user control", such as "content protection" for
audio/visual data and games. Look how successful it is.
It just takes *one* person with the expertise to allow /all/ the
users to exercise the control they instrinsically have over software,
with todays systems[1].
Look at XBox: MS controlled everything in it, but it still was
vulnerable, and primarily through vulnerabilities in 3rd party
software.
1. 'fully trusted' systems, i.e. those systems which trust
the hardware maker and OS vendor rather than their owner, don't
exist today and are largely a pipe-dream IMHO, at least for
widespread use, for several reasons.
regards,
--
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
Fortune:
"Trust me":
Translation of the Latin "caveat emptor."
More information about the ILUG
mailing list