Posted by: Anonymous Coward
on August 11, 2004 09:46 PM
I don't know the author, so I don't know why I'm taking such lengths to defend him (her?), but here goes:
> The author was mistaken about the effective key-length.
It looks that way, but the author may have really been talking about the implementor of the port-knocking service improperly limiting the ports that can be used, not the end-user. His subsequent quote would support that interpretation:
"Granted, this is a problem for the implementer and not for the end user, and the current (proof-of-concept) implementation appears to take care of the length issue."
So, I don't know. He could have gotten it wrong, or he could have worded the sentence poorly, and failed to clearly communicate that he was talking about the service implementor and not the service configurer (the end-user). I'm inclined to believe the latter because I don't think the author could have the obvious grasp of all these issues yet make such a simple mistake.