[CentOS] what percent of time are there unpatched exploits against default config?

Marko Vojinovic vvmarko at gmail.com
Thu Dec 29 13:21:11 UTC 2011


On Thursday 29 December 2011 13:07:56 Reindl Harald wrote:
> Am 29.12.2011 12:56, schrieb Leonard den Ottolander:
> > Hello Reindl,
> > 
> > On Thu, 2011-12-29 at 12:29 +0100, Reindl Harald wrote:
> >> Am 29.12.2011 09:17, schrieb Bennett Haselton:
> >>> Even though the ssh key is more
> >>> random, they're both sufficiently random that it would take at least
> >>> hundreds of years to get in by trial and error.
> >> 
> >> if you really think your 12-chars password is as secure
> >> as a ssh-key protected with this password you should
> >> consider taking some education in security
> > 
> > Bennett clearly states that he understands the ssh key is more random,
> > but wonders why a 12 char password (of roughly 6 bits entropy per byte
> > assuming upper & lower case characters and numbers) wouldn't be
> > sufficient.
> 
> so explain to me why discuss to use or not to use the best
> currently available method in context of security?

Using the ssh key can be problematic because it is too long and too random to 
be memorized --- you have to carry it on a usb stick (or wherever). This 
provides an additional point of failure should your stick get lost or stolen.
The human brain is still by far the most secure information-storage device. :-)

It is very inconvenient for people who need to login to their servers from 
random remote locations (i.e. people who travel a lot or work in a 
hardware-controlled environment).

Besides, it is essentially a question of overkill. If a password is not good 
enough, you could argue that the key is also not good enough --- two keys (or 
a larger one) would be more secure. Where do you draw the line?

Best, :-)
Marko