Re: an actual hacked machine, in a preserved state




Bennett Haselton wrote:
> mark wrote:
<snip>
>>> 1. How will you generate "truly random"? Clicks on a Geiger counter?
>>> There is no such thing as a random number generator.
<snip>
> That there are 10^21 possible random 12-character alphanumeric passwords
> -- making it secure against brute-forcing -- is a fact, not an opinion.
>
> To date, *nobody* on this thread has ever responded when I said that
> there are 10^21 possible such passwords and as such I don't think that
> the password can be brute-forced in that way.  Almost every time I said

Ok, I'll answer, here and now: YOU IGNORED MY QUESTION: HOW WILL YOU
"RANDOMLY" GENERATE THE PASSWORDS? All algorithmic ones are pseudo-random.
If someone has any idea what the o/s is, they can guess which
pseudo-random generator you're using, and can try different salts. Someone
here posted a link to the Rainbow tables, and precomputed partial lists.
<snip>
> Again: Do you think I'm wrong that if you use a 12-character mixed-case
> alphanumeric password, then switching to sshkeys or using fail2ban will
> not make the system any more secure?  If you think I'm wrong, why?  What
> is the exact scenario that you think those would prevent?

Without fail2ban, or something like it, they'll hit your system thousands
of times an hour, at least. Sooner or later, they'll get lucky.

But I suppose you'll ignore this, as well.

        mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
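
The numbers argued over in this message, worked through as an added example (not code from either poster): it computes the 62^12 keyspace, contrasts a password drawn from the OS CSPRNG with one from a seeded PRNG, and estimates online guessing time. The 32-bit seed size and the guess rates are assumptions chosen for illustration.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 mixed-case alphanumerics


def keyspace(length=12, alphabet_size=len(ALPHABET)):
    """Number of distinct passwords of the given length."""
    return alphabet_size ** length


def csprng_password(length=12):
    """Password drawn from the kernel CSPRNG (os.urandom via secrets)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def seeded_password(seed, length=12):
    """Password from a seeded Mersenne Twister: fully determined by the seed."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def effective_bits(length=12, seed_bits=None):
    """Entropy to search: capped by the seed space when a seed exists."""
    password_bits = length * math.log2(len(ALPHABET))
    return password_bits if seed_bits is None else min(password_bits, seed_bits)


def years_to_search(bits, guesses_per_hour, fraction=0.5):
    """Expected years of online guessing to cover `fraction` of 2**bits."""
    return (2 ** bits) * fraction / guesses_per_hour / (24 * 365)


if __name__ == "__main__":
    print(f"keyspace 62^12   = {keyspace():.2e}")
    print(f"CSPRNG password  = {csprng_password()}")
    # Same seed, same password: the seed is the real secret here.
    print(f"seed 1234 twice  = {seeded_password(1234)} {seeded_password(1234)}")
    cases = (("CSPRNG", effective_bits()),
             ("32-bit seed", effective_bits(seed_bits=32)))  # assumed seed size
    for label, bits in cases:
        for rate in (5_000, 5_000_000):  # constructed rates, guesses per hour
            print(f"{label:12} {bits:5.1f} bits @ {rate:>9,}/h: "
                  f"{years_to_search(bits, rate):.2e} years")
```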

