On 1/16/26 8:10 AM, Derek Atkins wrote:
> Umm... ssh passwords are MUCH less secure than SSH Keys..
Sure, in a narrow sense, but look at the larger picture and it isn't so
clear cut.
SSH keys can be of various strengths, pick how strong you want. GitHub
has moved to RSA-4096 keys, a lot of people say it is overkill, but
heck, the computer is doing the extra work, so why not?
In symmetric terms RSA-4096 has around 152 bits of entropy. It will take
a long time to brute-force that. How long?
sshd is pretty conservative in its default configuration. There are
parameters such as MaxAuthTries (default 6), MaxSessions (default 10),
MaxStartups (default 10:30:100). I haven't figured out what those all
mean, but in my log files I see thousands of login attempts.
In my most recent logwatch e-mail there were 12,265 failed ssh login
attempts. Let's assume they were all trying to brute force the same
account. How long would it take to have a 50% chance of breaking in?
Over half a billion years. Pretty strong!
Sloppy me, I tend to use ssh passwords with just 32 bits of entropy. To
have a 50% chance of breaking into my computer it will take just 480 years!
Oh shit! I'm doomed!!
Or not. I tend to change my passwords before then (when I replace the
hardware) and I have never seen any attacker persistent in attacking any
account that is capable of a password login.
So yes, for brute forcing an sshd, keys are more secure than passwords,
so what‽‽
A disadvantage with ssh keys is the private key has to be at rest,
stored on your computer for you to log into another computer. That is a
risk. What if someone got a copy of that file?
No problem, it is encrypted, it has a passphrase on it!
But how good is that encryption passphrase? 152 bits of entropy? No. It
is /really/ hard to type that long a passphrase, without echo, and not
make mistakes. No one includes that in their regular routine as
something they frequently type.
And what happens if a foe got a copy of that encrypted SSH key, how many
attempts per day could they make to crack it? A quick web search
suggests millions of attempts per second, with a single, old model GPU
card. No matter what the specific rate is, if you want to go faster, buy
more and fancier GPUs. You can go as fast as you want to spend money
doing it. How long is your passphrase again?
But if you want to try ssh passwords against my under-powered little
server hardware you can only go as fast as my little machine can run and
is willing to run. Servers are naturally rate-limited, offline
encryption cracking is not.
I like passwords because I choose them randomly, don't reuse them on
different systems, they are not sitting conveniently at rest on my
computer, they are simple to set up (run "passwd"), and because I simply
remember the ones I use frequently, their management has a very small
attack surface.
Both approaches have their merits (I do have at least one SSH key, in
production, at this very moment), but the idea that in real use SSH keys
are /*so*/ much stronger than SSH passwords…is not true.
-kb, the Kent who thinks it weird that no one ever points out that a
secure login password need not be /nearly/ as long as a secure
encryption passphrase.
_______________________________________________
Discuss mailing list
[email protected]
https://lists.blu.org/mailman/listinfo/discuss
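
The online-versus-offline comparison in the message above, worked through as an added example that is not part of the original post: it tallies failed sshd password attempts per account the way a log summary would, reproduces the 480-year figure for a 32-bit password at 12,265 guesses per day, and computes how much entropy a key-file passphrase needs to last as long against offline guessing. The log lines are constructed, the function names are hypothetical, and the 1e6 guesses per second offline rate and the 365-day year are assumptions.

```python
import math
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (not from the post).
SAMPLE_LOG = """\
Jan 15 03:12:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 15 03:12:04 host sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 15 03:12:09 host sshd[1207]: Failed password for invalid user admin from 198.51.100.23 port 51820 ssh2
Jan 15 03:13:30 host sshd[1215]: Accepted publickey for kb from 192.0.2.10 port 50022 ssh2
Jan 15 03:14:02 host sshd[1220]: Failed password for kb from 203.0.113.7 port 40200 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def failed_by_account(log_text):
    """Count failed password attempts per targeted account name."""
    return Counter(m.group(1) for m in FAILED.finditer(log_text))


def years_to_half(bits, guesses_per_day):
    """Years until half of a 2**bits keyspace is tried at a steady rate
    (365-day year, an assumption chosen to match the post's rounding)."""
    return 2 ** (bits - 1) / guesses_per_day / 365


def equivalent_offline_bits(online_bits, online_per_day, offline_per_sec):
    """Entropy an offline-guessable secret needs to last as long as an
    online_bits secret guessed through the server at online_per_day."""
    return online_bits + math.log2(offline_per_sec * 86400 / online_per_day)


if __name__ == "__main__":
    print(failed_by_account(SAMPLE_LOG))
    # The post's figures: 12,265 failures per day, all assumed to hit one account.
    print(round(years_to_half(32, 12265)))
    # Assumed offline rate of 1e6 guesses/s ("millions per second" in the post).
    print(round(equivalent_offline_bits(32, 12265, 1e6), 1))
```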