Re: [tlug] attack via ssh? (don't panic :-P)

[David Santinoli <marauder@example.com>]

On Wed, May 18, 2005 at 06:26:22PM +0900, Stephen J. Turnbull wrote:
> David> IMHO that's not "security through obscurity", as security
> David> here totally depends on the key (sequence of knocks) and
> David> not on the secrecy of the protection scheme itself.
> 
> No, it depends on the secrecy of the protection scheme.  It's a
> cleartext password being sent over the Internet, OK?

Hmmm.  I admit I knew about the idea, not the actual implementation,
which indeed looks a bit naive.  Using longer, one-time (non-replayable)
sequences could be a significant improvement.

Cheers,
 David
-- 
 David Santinoli, Milano             +   <david@example.com>
 Independent Linux/Unix consultant   +   http://www.santinoli.com