Re: what percent of time are there unpatched exploits against default config?




Hi Marko, 

> Using the ssh key can be problematic because it is too long and too random to 
> be memorized --- you have to carry it on a usb stick (or wherever). This 
> provides an additional point of failure should your stick get lost or stolen.

This is only correct when you use SSH keys without a sufficiently secure passphrase, which you obviously should never do. If you have a passphrase with your key, finding or stealing the USB stick is completely useless, and even if someone gets at your key, you're no worse off than with password authentication.

> Human brain is still by far the most secure information-storage device. :-)

I strongly disagree. Social engineering is a very efficient way to get at other people's data.

> It is very inconvenient for people who need to login to their servers from 
> random remote locations (ie. people who travel a lot or work in hardware-
> controlled environment).

Agreed.

> Besides, it is essentially a question of overkill. If password is not good 
> enough, you could argue that the key is also not good enough --- two keys (or 
> a larger one) would be more secure. Where do you draw the line?

One key is indefinitely better than a password. The additional security you gain when you add another key is, however, disputable. 

Best regards, 

  Peter.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

