Re: Breakin attempts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2010-04-22 at 23:21 -0700, Wolfgang S. Rupprecht wrote:
> David Liguori <liguorid@xxxxxxxxxx> writes:
> > Wolfgang S. Rupprecht wrote:
> >> The core problem is to prevent someone from guessing users' passwords.
> >> You aren't going to achieve real security by hiding this or that
> >> attribute.  If you don't want to worry about your users chosing bad
> >> non-random passwords, don't let them.  Force them to use a 1k-2k RSA key
> >> for ssh and turn off all login types in sshd_config other than RSA2.
> >> That way any attacker has to correctly guess a 1k-bit computer generated
> >> number.  That will almost certainly be much more secure than any
> >> password users will chose.  Then you can look at the ssh log files and
> >> laugh.  The universe isn't going to last long enough for them to guess
> >> even a small fraction of the keys.
> >>   
> > Unless someone builds a quantum computer that can implement the Shor 
> > algorithm for nontrivial cases :-)
> 
> ;-)  
> 
> I had to look that up.  Luckily there are going to be lots of papers
> about it if folks can start factoring RSA keys of that length.

More to the point, there would be widespread panic among banks and
online shopping sites, webmail sites, and anywhere else that relies on a
public-key based security model, which is essentially all of them.

Luckily the chances of this happening in the short to medium term seem
very low. IIRC the current record for quantum computers is factoring the
number 15. Getting up to the hundreds of bits is going to be very very
difficult (you can't just string a bunch of smaller ones together like a
conventional computer).

poc

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux