Which of these is more likely to be attacked? user@ssh_url.com:22, password or user@ssh_url.com:24, password
Replying to @zbrogz
Would you use a crappy password and rely on the nonstandard port to deter attackers? That's what security *through* obscurity means.
The line is simply what is actually secure (mathematically), and what isn't. A password with sufficient entropy is secure. Not a 16-bit port
Real crypto is secure if the key is kept secret. That isn't "obscurity". Obfuscation isn't secure because you're giving out your code.
And proprietary crypto may be secure but most likely isn't because crypto is hard, and thus should be considered security through obscurity.
Replying to @marcan42
My point on obscure ports is that they effectively increase the password bit length, increasing security. But maybe you’re saying that’s
...not obscurity, which makes sense I suppose. I just feel obscurity can be used as an additional layer in some cases.
Replying to @zbrogz
But they don't increase the password bit length. This is the "movie password cracking" fallacy. Multiple "passwords" != one longer password.
A 16-bit constant that you crack *separately* adds negligible security to a strong password. It doesn't add 16 bits of entropy.
Passwords getting cracked character is a movie thing but in the real world additional characters are multiplicative, not additive.
* Character by character, I meant.