Security basics

alan alan at clueserver.org
Wed Oct 3 20:15:36 UTC 2007


On Wed, 3 Oct 2007, Karl Larsen wrote:

>   I have sure heard a LOT about security updates and I have had my own 
> problems. For years I thought the only thing necessary was a good root 
> password. This year I found out with ssh around you need a good password for 
> your own login name. My problem was caused by having a super poor login 
> password which was my last name. Since the login name was karl it followed.
>
>   Fixed that problem with a real hard password for karl and root has a 
> changeable hard password. In my olden working days we had safes for State 
> Secrets and they had what were called "one hour" locks and 30 minute burn 
> protection.  We changed the combination every 6 months. Drove me bats!
>
>    So the question is this: If I have passwords that are safe for an hour, 
> is not my computer safe from tampering? I guess the Internet could send you a 
> file that works to discover passwords and then emails them to the sender? But 
> this is hard to do.

An hour of what?

Someone beating on it from outside? Someone who has gained the password 
hashes and is running crack on them? Someone at the keyboard?

Time to break depends on what you use and the skill and/or determination 
of the attacker.

-- 
Never trust a queue structure designed by a cryptographer.



