[CentOS] what percent of time are there unpatched exploits against default config?

Reindl Harald h.reindl at thelounge.net
Thu Dec 29 14:28:26 UTC 2011



On 29.12.2011 15:24, m.roth at 5-cent.us wrote:
> Reindl Harald wrote:
>> On 29.12.2011 14:21, Marko Vojinovic wrote:
>>>> so explain me why discuss to use or not to use the best
>>>> currently available method in context of security?
>>>
>>> Using the ssh key can be problematic because it is too long and too
>>> random to be memorized --- you have to carry it on a usb stick (or
>>> wherever). This provides an additional point of failure should your
>>> stick get lost or stolen.
>>> Human brain is still by far the most secure information-storage device.
>>> :-)
>>
>> this is bullshit
>> most people have their ssh-key on a usb-stick
>>
>> normally a ssh-key is protected by a password
>> this can be your 12-char password
> <snip>
> Many US companies have gone past that.
>
> A number that I've worked for, and
> the one I work for, all have used RSA keyfobs. To open the VPN link, you
> need three pieces of information: userid, PIN (which is up to 8 chars min)
> and the six digit code from the fob.
> 
> The US gov't has gone a different way: it issues CaC or PIV-II cards, and
> you need a) a card reader attached or builtin to your system, b) the card,
> and c) your PIN (8 digits).
> 
> In both cases, once you've got your VPN, *then* it will frequently be
> asking for username & passwords for each different kind of access.

why do you not tell this to the idiot who is arguing against keys
and thinks using password-login is smart?

