Re: Breakin attempts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



David Liguori <liguorid@xxxxxxxxxx> writes:
> Wolfgang S. Rupprecht wrote:
>> The core problem is to prevent someone from guessing users' passwords.
>> You aren't going to achieve real security by hiding this or that
>> attribute.  If you don't want to worry about your users chosing bad
>> non-random passwords, don't let them.  Force them to use a 1k-2k RSA key
>> for ssh and turn off all login types in sshd_config other than RSA2.
>> That way any attacker has to correctly guess a 1k-bit computer generated
>> number.  That will almost certainly be much more secure than any
>> password users will chose.  Then you can look at the ssh log files and
>> laugh.  The universe isn't going to last long enough for them to guess
>> even a small fraction of the keys.
>>   
> Unless someone builds a quantum computer that can implement the Shor 
> algorithm for nontrivial cases :-)

;-)  

I had to look that up.  Luckily there are going to be lots of papers
about it if folks can start factoring RSA keys of that length.

-wolfgang
-- 
Wolfgang S. Rupprecht
If the airwaves belong to the public why does the public only get 3
non-overlapping WIFI channels?
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux