Originally posted by jeffcobb:
For password-based authentication however it makes nothing I said any the less valid. [...] the thing with the above-mentioned attack is that while brute force, due to the nature of the relaxed timing it often falls below the radar of the typical IDS and therefore can go on for years w/o detection. To me, the attack that you cannot even see coming, lame or not, is one of the most dangerous kinds...
Yeah, but it sounds to me like this is just a product of pure ignorance, laziness, and/or stupidity -- not using public/private keys. I'm not surprised at all that people get cracked that way. If you left your car parked downtown with the windows rolled down and the keys on the front seat, how many nights do you think would go by before there was a "startling security violation"?

Slow brute force attacks may be "insidious" and "undetectable", and maybe great if you are (patiently) phishing for access to someone's Facebook page, but versus a 1600 byte key, who cares? They will still be plodding insidiously along when the sun burns out -- when the known universe collapses in upon itself. Etc.

Please. People. Use the keys.
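
Added example, not part of either post: a sketch of why the slow password guessing described in the quote slips under a burst-rate rule, and how counting failures per source over a much longer window surfaces it. The log lines are constructed, the addresses are documentation ranges, and both thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches sshd "Failed password" lines with an ISO timestamp and hostname prefix.
FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def parse(lines):
    """Yield (timestamp, source_ip) for every failed password line."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2)

def flag_sources(events, threshold, window):
    """Return sources with at least `threshold` failures inside any sliding `window`."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, ip in sorted(events):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return flagged

def constructed_log():
    """Constructed sample: a noisy burst, a slow guesser, one key-based login."""
    start = datetime(2024, 1, 1)
    fmt = "{} host1 sshd[1000]: Failed password for {} from {} port 22000 ssh2"
    # 10 guesses, 5 seconds apart
    lines = [fmt.format((start + timedelta(seconds=5 * i)).isoformat(),
                        "root", "198.51.100.7") for i in range(10)]
    # 216 guesses, 20 minutes apart (about three days)
    lines += [fmt.format((start + timedelta(minutes=20 * i)).isoformat(),
                         "invalid user admin", "203.0.113.9") for i in range(216)]
    lines.append("2024-01-01T00:00:01 host1 sshd[1000]: "
                 "Accepted publickey for alice from 192.0.2.10 port 22001 ssh2")
    return lines

if __name__ == "__main__":
    events = list(parse(constructed_log()))
    # Assumed burst rule: 5 failures within 1 minute.
    print("burst rule flags:", flag_sources(events, 5, timedelta(minutes=1)))
    # Assumed long-window rule: 50 failures within 7 days.
    print("7-day rule flags:", flag_sources(events, 50, timedelta(days=7)))
```

The burst rule flags only the noisy source and the 7-day rule flags only the slow one, so the two rules are complementary rather than interchangeable.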