[cvsnt] Re: sspi vs. ssh ?!?
Ralf Steinhaeusser
stralf at gmx.net
Sat Nov 8 14:56:49 GMT 2003
On Sat, 08 Nov 2003 14:38:46 +0000, Tony Hoyle <tmh at nodomain.org>
wrote:
>>1.) Is there a way to use sspi with a "keyfile" or something similar
>>instead of the login-password?
>
>Not really - NTLM encryption keys are only loosely derived from the
>passwords. You should probably have strong ones though because brute
>force attacks are still possible.
Is it possible to get feedback from CVSNT if somebody is trying a
brute-force attack? (an email, a logfile ... ?)
And: To make brute-force impossible it would be great if I could set
up CVSNT to e.g. refuse connections for 5 minute after 3 logins
failed. And shuts down after 15 of this attacks.
What do you think?
Ralf
More information about the cvsnt
mailing list