å¤ç¥ãå²©ç· wrote:
On 12/29/2011 10:21 PM, Marko Vojinovic wrote:
On Thursday 29 December 2011 13:07:56 Reindl Harald wrote:
Am 29.12.2011 12:56, schrieb Leonard den Ottolander:
On Thu, 2011-12-29 at 12:29 +0100, Reindl Harald wrote:
Am 29.12.2011 09:17, schrieb Bennett Haselton:
Even though the ssh key is more random, they're both sufficiently random that it would take at least hundreds of years to get in by trial and error.
if you really think your 12-chars password is as secure as a ssh-key protcected with this password you should consider to take some education in security
<snip>
It is very inconvenient for people who need to login to their servers from random remote locations (ie. people who travel a lot or work in hardware-controlled environment).
Besides, it is essentially a question of overkill. If password is not good enough, you could argue that the key is also not good enough --- two keys (or a larger one) would be more secure. Where do you draw the line?
<snip>
When traveling I log in to my home server and work servers with my laptop. Its really a *lot* easier than using a bunch of pasword schemes.
<snip> Ah, that brings to mind another issue with only passwords: synchronization. I worked as a subcontractor for a *huge* US co a few years ago. I've *never* had to write passwords down... but for there, I had a page of them! Our group's, the corporate test systems, the corporate *production* systems, and *each* had their own, along with their own password aging (there was *no* single sign-on), the contracting co's....
mark