Displaying 1 result from an estimated 1 matches for "overplay".
Did you mean:
overlay
2012 Jan 20
2
Regarding Pubkey Enumeration
...ed that, given a pubkey (and not the
corresponding private key, as might be found in authorized_keys), he can
determine if he'd be able to log into an account.
It's a small thing, but he's using it for very interesting
recon/deanonymization. He'll be releasing a paper shortly, not overplaying
the characteristic, but certainly showing it can be used to do cute things.
I expect this is easily fixable -- simply provide the challenge for a
pubkey whether or not it'd actually be able to log in successfully. But
it's worth exploring this space -- perhaps some clients behave badly...