On Fri, Mar 2, 2012 at 10:10 PM, Jim Garrison <j...@jhmg.net> wrote: > On 3/2/2012 7:48 PM, wes wrote: > > > > > > I've never heard of a single breakin occurring with private-key auth > > that was due to true SSH protocol or encryption weakness. Failures > > in the human side of the process, however, have been known to happen. > > > > > > *cough cough* > > > > > http://perimetergrid.com/wp/2008/05/17/ubuntudebian-crng-cracked-ssh-vulnerable/ > > Missed that one. Seems to be limited to Debian's RNG, and affects > only the key generation process, not the protocol itself. > > > quite correct. point being, even SSH keys aren't perfect.
-wes _______________________________________________ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug