[CentOS] what percent of time are there unpatched exploits against default config?

夜神 岩男 supergiantpotato at yahoo.co.jp
Thu Dec 29 14:47:00 UTC 2011


On 12/29/2011 05:17 PM, Bennett Haselton wrote:
> On Wed, Dec 28, 2011 at 6:10 AM, Johnny Hughes<johnny at centos.org>  wrote:
>> On 12/27/2011 10:42 PM, Bennett Haselton wrote:
>> 2.  Why have password logins at all?  Using a secure ssh key only for
>> logins makes the most sense.
>>
>
> Well that's something that I'm curious about the reasoning behind -- if
> you're already using a completely random 12-character password, why would
> it be any more secure to use an ssh key?  Even though the ssh key is more
> random, they're both sufficiently random that it would take at least
> hundreds of years to get in by trial and error.

I'm almost afraid to see the responses to this comment...

If you believe that passwords are as secure as SSH2 keys, then you've 
got some homework to do before second-guessing anyone's security policy. 
I don't say that as a jab, I'm being totally serious.

The good side of this conversation is that you may become motivated to 
learn about security as a hobby after this. It's a lot more interesting 
than watching TV after work (but a lot less interesting than playing 
with real people (friends, kids, wife, whatever)).

>> 3.  Please do not top post.
>>
>
> My bad.  Gmail default. :)

It is the devil.


