Date: Thu, 31 May 2001 16:54:48 -0700 From: Michael Bryan <fbsd-secure@ursine.com> To: freebsd-security@FreeBSD.ORG Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd) Message-ID: <3B16D9C8.2F6CE52E@ursine.com> References: <200105312300.f4VN0RD24448@cwsys.cwsent.com> <Pine.BSF.4.31.0105311621290.52261-100000@localhost> <20010601013041.A32818@area51.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Alex Holst wrote: > > I was > surprised when I read about the compromise, because it gives the impression > that people are still using passwords (as opposed to keys with passphrases) > for authentication in this day and age. Is that correct? If so, why is that? Yeah, I'd say it's correct. As to why, I can think of two reasons. 1) It's easier to use ssh with passwords, and just not be "bothered" with the key maintenance. 2) The password is sent encrypted, not in cleartext, and that is in many people's minds one of the most important benefits of using ssh. The extra safety of keys is just not always seen as being worth the extra work. [And I'm not arguing either side of that issue, different people believe or prioritize in different ways...] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B16D9C8.2F6CE52E>