Hey guys, I have heard some rumors about cracking ssh2 sessions in transit when using password auth. I am currently considering ssh2 3.1.0 and am interested in using both pub key auth as well as password auth for some other systems. When using password auth, how difficult would it be for someone to sniff my connection and extract/crack my password? I only ask because someone mentioned that it would not be too difficult. What are the primary differences between password auth and pubkey? Is using password auth really that much less secure? Please give me the details.. -l0rt- --------------------------------------------------------------------- Disclaimer: Any resemblance between the above views and those of my employer, my terminal, or the view out my window are purely coincidental. Any resemblance between the above and my own views is non-deterministic. The question of the existence of views in the absence of anyone to hold them is left as an exercise for the reader. The question of the existence of the reader is left as an exercise for the second god coefficient. (A discussion of non-orthogonal, non-integral polytheism is beyond the scope of this article.) ---------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Feb 06 2002 - 12:33:20 PST