On Wed, 3 Oct 2007, Karl Larsen wrote:
I have sure heard a LOT about security updates and I have had my own
problems. For years I thought the only thing necessary was a good root
password. This year I found out with ssh around you need a good password for
your own login name. My problem was caused by having a super poor login
password which was my last name. Since the login name was karl it followed.
Fixed that problem with a real hard password for karl and root has a
changable hard password. In my olden working days we had safes for State
Secrets and they had what were called "one hour" locks and 30 minute burn
protection. We changed the combination every 6 months. Drove me bats!
So the question is this: If I have passwords that are safe for an hour,
is not my computer safe from tampering? I guess the Internet could send you a
file that works to discover passwords and then emails them to the sender? But
this is hard to do.
An hour of what?
Someone beating on it from outside? Someone who has gained the password
hashes and is running crack on them? Someone at the keyboard?
Time to break depends on what you use and the skill and/or determination
of the attacker.
--
Never trust a queue structure designed by a cryptographer.
