Breakin attempts

Wolfgang S. Rupprecht wolfgang.rupprecht at gmail.com
Fri Apr 23 06:21:28 UTC 2010


David Liguori <liguorid at albany.edu> writes:
> Wolfgang S. Rupprecht wrote:
>> The core problem is to prevent someone from guessing users' passwords.
>> You aren't going to achieve real security by hiding this or that
>> attribute.  If you don't want to worry about your users chosing bad
>> non-random passwords, don't let them.  Force them to use a 1k-2k RSA key
>> for ssh and turn off all login types in sshd_config other than RSA2.
>> That way any attacker has to correctly guess a 1k-bit computer generated
>> number.  That will almost certainly be much more secure than any
>> password users will chose.  Then you can look at the ssh log files and
>> laugh.  The universe isn't going to last long enough for them to guess
>> even a small fraction of the keys.
>>   
> Unless someone builds a quantum computer that can implement the Shor 
> algorithm for nontrivial cases :-)

;-)  

I had to look that up.  Luckily there are going to be lots of papers
about it if folks can start factoring RSA keys of that length.

-wolfgang
-- 
Wolfgang S. Rupprecht
If the airwaves belong to the public why does the public only get 3
non-overlapping WIFI channels?


More information about the users mailing list