Corporate public key?

CL Gilbert
Wed Jul 9 15:11:03 2003

Hash: SHA1

Joseph Bruni wrote:
| This gets annoying after while, especially if you find yourself needing
| to connect to said server while away from a host that has your private
| key. Being able to fall back to passwords is a nice convenience for most
| circumstances and, unless that Linux server of yours really contains
| sensitive information, I wouldn't worry about a password crack (unless
| you have really easy-to-guess passwords). Having to load your private
| key on a temporary host has its own set of vulnerabilities.
| One thing that would help to slow down a password attack is successive
| increases in delays after each wrong password. Apple's implementation of
| OpenFirmware does that to keep people from trying to brute force that
| password. Perhaps you can configure "login" or "sshd" to do the same? Or
| recommend it to the OpenBSD folks.
| I'm not knocking public-key authentication at all -- I use it almost
| exclusively -- and the ssh-agent makes life really nice. But disabling
| the fallback to passwords seems a bit obtuse, IMHO.
| On Tuesday, July 8, 2003, at 10:27 AM, CL Gilbert wrote:
|> I have disabled ssh passwords on my Linux box in favor of gpg key logins
|> because they cant be hacked like a pwd.  plus I don't have to remember
|> them as long as I have my key with me.

all these things must be considered before you do this.  but I think the
~ key is more secure than that password.  I know its neglidgible and
probably a little anal though :D  All part of Linux I guess, fun to do
and learn stuff and have my own *way* of doing things.  makes me feel as
if I *know* Linux.

Gnupg-users mailing list

- --
Thank you,

CL Gilbert
Free Java interface to
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD  19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard
Pretty Good Privacy (PGP), windows
users should try that.
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla -