Hacker News

Security is built in layers. Is it theoretically possible for someone on the network to observe the knock sequence? Yes. Is it likely to happen in any but the most adversarial of conditions? No. And if it’s implemented in a cryptographically secure way, like fwknop, then it’s really very good.


One of the oldest canards in security: "defense in depth", "security is built in layers", which you can use to justify any performative measure.


Can you expand on why you think it’s performative?


Why what's performative? Fail2ban? Because using passwords with SSH is malpractice, and if you aren't, fail2ban literally doesn't do anything.



