David Liguori <liguorid@xxxxxxxxxx> writes: > Wolfgang S. Rupprecht wrote: >> The core problem is to prevent someone from guessing users' passwords. >> You aren't going to achieve real security by hiding this or that >> attribute. If you don't want to worry about your users chosing bad >> non-random passwords, don't let them. Force them to use a 1k-2k RSA key >> for ssh and turn off all login types in sshd_config other than RSA2. >> That way any attacker has to correctly guess a 1k-bit computer generated >> number. That will almost certainly be much more secure than any >> password users will chose. Then you can look at the ssh log files and >> laugh. The universe isn't going to last long enough for them to guess >> even a small fraction of the keys. >> > Unless someone builds a quantum computer that can implement the Shor > algorithm for nontrivial cases :-) ;-) I had to look that up. Luckily there are going to be lots of papers about it if folks can start factoring RSA keys of that length. -wolfgang -- Wolfgang S. Rupprecht If the airwaves belong to the public why does the public only get 3 non-overlapping WIFI channels? -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
