On 5/6/11, Tom Furie <[email protected]> wrote: >> So the attacker needs to guess my private key instead of my password. >> How does that make his life more difficult, assuming my password was >> very strong? > > No, the attacker needs to HAVE your private key and KNOW the pass phrase > for that key. Assuming you keep your key secure and have a decent pass > phrase his life should be very difficult indeed.
He still needs to guess a string, just like he does when password authentication is used. What am I missing? Probably a lot, but I'm not very experienced in security matters. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
