Reindl Harald wrote: > Am 29.12.2011 14:21, schrieb Marko Vojinovic: >>> so explain me why discuss to use or not to use the best >>> currently availbale method in context of security? >> >> Using the ssh key can be problematic because it is too long and too >> random to be memorized --- you have to carry it on a usb stick (or >> whereever). This provides an additional point of failure should your >> stick get lost or stolen. >> Human brain is still by far the most secure information-storage device. >> :-) > > this is bullshit > most people have their ssh-key on a usb-stick > > normally a ssh-key is protected by a password > this can be your 12-char password <snip> Many US companies have gone past that. A number that I've worked for, and the one I work for, all have used RSA keyfobs. To open the VPN link, you need three pieces of information: userid, PIN (which is up to 8 chars min) and the six digit code from the fob. The US gov't has gone a different way: it issues CaC or PIV-II cards, and you need a) a card reader attached or builtin to your system, b) the card, and c) your PIN (8 digits). In both cases, once you've got your VPN, *then* it will frequently be asking for username & passwords for each different kind of access. mark _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos