[17283] in cryptography@c2.net mail archive
Re: Citibank discloses private information to improve security
daemon@ATHENA.MIT.EDU (Ian G)
Tue May 31 12:11:44 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: Ian G <iang@systemics.com>
To: "James A. Donald" <jamesd@echeque.com>
Date: Tue, 31 May 2005 14:45:56 +0100
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
In-Reply-To: <42984C5C.30126.1D70B2@localhost>
On Saturday 28 May 2005 18:47, James A. Donald wrote:
> Do we have any comparable experience on SSH logins?
> Existing SSH uses tend to be geek oriented, and do not
> secure stuff that is under heavy attack. Does anyone
> have any examples of SSH securing something that was
> valuable to the user, under attack, and then the key
> changed without warning? How then did the users react?
I've heard an anecdote on 2 out of 3 of those criteria:
In a bank that makes heavy use of SSH, the users have
to phone the help desk to get the key reset when the
warning pops up. The users of course blame the tool.
I suspect in time the addition of certificate based
checking into SSH or the centralised management
of keys will overcome this.
iang
--
Advances in Financial Cryptography:
https://www.financialcryptography.com/mt/archives/000458.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
