Consequences of .ssh/authorized_keys being world-readable
OpenSSH sshd enforces mode 0600 for authorized_keys when StrictModes is enabled. How is mode 0644 more vulnerable?
Collaborate Disseminate
Why is salt+nonce authentication over insecure channel vulnerable to man-in-the-middle attack?
In a network connection over an insecure channel I do the following:
Server sends database salt and a nonce to the client;
Client computes and sends hash(hash(pwd + salt) + nonce);
Server computes hash(db_pwd_hash + nonce) and compares it…