Wolfgang S. Rupprecht wrote: > > The core problem is to prevent someone from guessing users' passwords. > You aren't going to achieve real security by hiding this or that > attribute. If you don't want to worry about your users chosing bad > non-random passwords, don't let them. Force them to use a 1k-2k RSA key > for ssh and turn off all login types in sshd_config other than RSA2. > That way any attacker has to correctly guess a 1k-bit computer generated > number. That will almost certainly be much more secure than any > password users will chose. Then you can look at the ssh log files and > laugh. The universe isn't going to last long enough for them to guess > even a small fraction of the keys. > Unless someone builds a quantum computer that can implement the Shor algorithm for nontrivial cases :-) -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
