Re: what percent of time are there unpatched exploits against default config?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Reindl Harald wrote:
> Am 29.12.2011 14:21, schrieb Marko Vojinovic:
>>> so explain me why discuss to use or not to use the best
>>> currently availbale method in context of security?
>>
>> Using the ssh key can be problematic because it is too long and too
>> random to be memorized --- you have to carry it on a usb stick (or
>> whereever). This provides an additional point of failure should your
>> stick get lost or stolen.
>> Human brain is still by far the most secure information-storage device.
>> :-)
>
> this is bullshit
> most people have their ssh-key on a usb-stick
>
> normally a ssh-key is protected by a password
> this can be your 12-char password
<snip>
Many US companies have gone past that. A number that I've worked for, and
the one I work for, all have used RSA keyfobs. To open the VPN link, you
need three pieces of information: userid, PIN (which is up to 8 chars min)
and the six digit code from the fob.

The US gov't has gone a different way: it issues CaC or PIV-II cards, and
you need a) a card reader attached or builtin to your system, b) the card,
and c) your PIN (8 digits).

In both cases, once you've got your VPN, *then* it will frequently be
asking for username & passwords for each different kind of access.

         mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux