[lug] root password

David L. Anselmi anselmi at anselmi.us
Thu Aug 3 18:59:57 MDT 2006

Rob Nagler wrote:
> David L. Anselmi writes:
>>It's much easier to crack your password after compromising the remote 
>>machine than it is to crack your private key (stored on your 
>>laptop)--that's why turning off password authentication is a good
> I don't think the logic adds up.
> To crack your key with a remote exploit, you need:
> CrackB = (Crack(Lock(0:1)) + Crack(Lock(0:2))) * Crack(3DES)

Thanks for the straw man but the logic does add up.

Let me rephrase without all the convoluted math.  It is easier to 
determine a password from its MD5 hash than to determine a private (RSA) 
key from its public key.


More information about the LUG mailing list