[CentOS] what percent of time are there unpatched exploits against default config?

Thu Dec 29 14:24:03 UTC 2011
m.roth at 5-cent.us <m.roth at 5-cent.us>

Reindl Harald wrote:
> Am 29.12.2011 14:21, schrieb Marko Vojinovic:
>>> so explain me why discuss to use or not to use the best
>>> currently availbale method in context of security?
>> Using the ssh key can be problematic because it is too long and too
>> random to be memorized --- you have to carry it on a usb stick (or
>> whereever). This provides an additional point of failure should your
>> stick get lost or stolen.
>> Human brain is still by far the most secure information-storage device.
>> :-)
> this is bullshit
> most people have their ssh-key on a usb-stick
> normally a ssh-key is protected by a password
> this can be your 12-char password
Many US companies have gone past that. A number that I've worked for, and
the one I work for, all have used RSA keyfobs. To open the VPN link, you
need three pieces of information: userid, PIN (which is up to 8 chars min)
and the six digit code from the fob.

The US gov't has gone a different way: it issues CaC or PIV-II cards, and
you need a) a card reader attached or builtin to your system, b) the card,
and c) your PIN (8 digits).

In both cases, once you've got your VPN, *then* it will frequently be
asking for username & passwords for each different kind of access.