Re: Unknown rootkit causes compromised servers




Frank Cox <theatre@xxxxxxxxxxx> wrote:

>>
I have never understood this.  If I have a good, strong password that nobody
knows, how is changing it to another one an improvement over what I already
have?
<<

Correct. Modern thinking is to teach people how to create a good, strong
password and then stick with it for a longer period than has traditionally
been the case. A rainbow tables attack against a captured hash can be done
in just a few seconds, so unless you're prepared to change your password
every few seconds, it's a futile gesture.

Because most sets of rainbow tables cover all combinations of upper/lower
case alpha, numeric and punctuation symbols, a strong password should
contain at least one control character, a composed character (using the
Alt+numpad technique) or some other non-printable character outside the
rainbow tables set. Or use two-factor authentication (RSA SecurID or
similar tokens, certificates, etc.).

Best,

--- Les Bell, RHCE, CISSP
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144
FreeWorldDialup: 800909


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
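
An added example, not part of the original post: a toy rainbow table that illustrates the coverage point made in the reply above, namely that a captured hash is only recoverable when the password lies inside the character set the table was built for. The keyspace (three lowercase letters), the unsalted MD5 hash, the chain parameters and all function names are assumptions constructed for this illustration.

```python
import hashlib
from collections import defaultdict

# Constructed toy parameters (assumptions for this example, not from the post).
CHARSET = "abcdefghijklmnopqrstuvwxyz"  # the only alphabet the table covers
LENGTH, CHAIN_LEN, N_CHAINS = 3, 40, 1500

def H(pw):
    """Unsalted fast hash standing in for the captured hash."""
    return hashlib.md5(pw.encode("utf-8")).digest()

def to_candidate(n):
    """Map an integer onto a LENGTH-character string over CHARSET."""
    out = []
    for _ in range(LENGTH):
        n, r = divmod(n, len(CHARSET))
        out.append(CHARSET[r])
    return "".join(out)

def R(digest, col):
    """Column-dependent reduction: digest -> candidate inside the covered keyspace."""
    return to_candidate(int.from_bytes(digest[:8], "big") + col)

def build_table():
    """Store only (endpoint -> start points); chains may merge, so keep a list."""
    table = defaultdict(list)
    for i in range(N_CHAINS):
        start = pw = to_candidate(i)
        for col in range(CHAIN_LEN):
            pw = R(H(pw), col)
        table[pw].append(start)
    return table

def lookup(table, target):
    """Return the plaintext for target if a chain covers it, else None."""
    for col in range(CHAIN_LEN - 1, -1, -1):  # guess target's column
        pw = R(target, col)
        for k in range(col + 1, CHAIN_LEN):
            pw = R(H(pw), k)
        for start in table.get(pw, ()):  # replay chain to rule out false alarms
            cand = start
            for k in range(CHAIN_LEN):
                if H(cand) == target:
                    return cand
                cand = R(H(cand), k)
    return None

if __name__ == "__main__":
    t = build_table()
    print(lookup(t, H("aaa")), lookup(t, H("aa\x07")))
```

The reduction function can only ever emit strings over `CHARSET`, so a password containing a control character such as `\x07` never appears in any chain and its lookup returns `None`.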
