Re: what percent of time are there unpatched exploits against default config?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 12/29/2011 05:17 PM, Bennett Haselton wrote:
> On Wed, Dec 28, 2011 at 6:10 AM, Johnny Hughes<johnny@xxxxxxxxxx>  wrote:
>> On 12/27/2011 10:42 PM, Bennett Haselton wrote:
> 2.  Why have password logins at all?  Using a secure ssh key only for
>> logins makes the most sense.
>>
>
> Well that's something that I'm curious about the reasoning behind -- if
> you're already using a completely random 12-character password, why would
> it be any more secure to use an ssh key?  Even though the ssh key is more
> random, they're both sufficiently random that it would take at least
> hundreds of years to get in by trial and error.

I'm almost afraid to see the responses to this comment...

If you believe that passwords are as secure as SSH2 keys, then you've 
got some homework to do before second guessing anyone's security policy. 
I don't say that as a jab, I'm being totally serious.

The good side of this conversation is that you may become motivated to 
learn about security as a hobby after this. Its a lot more interesting 
than watching TV after work (but a lot less interesting than playing 
with real people (friends, kids, wife, whatever)).

> 3.  Please do not top post.
>>
>
> My bad.  Gmail default. :)

It is the devil.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux