On 01/03/2012 04:47 PM, m.roth at 5-cent.us wrote:
> Having been on vacation, I'm coming in very late in this....
>
> Les Mikesell wrote:
>> On Tue, Jan 3, 2012 at 4:28 AM, Bennett Haselton <bennett at peacefire.org>
>> wrote:
> <snip>
>>> OK but those are *users* who have their own passwords that they have
>>> chosen, presumably. User-chosen passwords cannot be assumed to be
>>> secure against a brute-force attack. What I'm saying is that if you're
>>> the only user, by my reasoning you don't need fail2ban if you just use a
>>> 12-character truly random password.
>>
>> But you aren't exactly an authority when you are still guessing about
>> the cause of your problem, are you? (And haven't mentioned what your
>> logs said about failed attempts leading up to the break in...).
>
> Further, that's a ridiculous assumption. Without fail2ban, or something
> like it, they'll keep trying. You, instead, Bennett, are presumably
> generating that "truly random" password[1] and assigning it to all your
> users[2], and not allowing them to change their passwords, and you will be
> changing it occasionally and informing them of the change.[3]
>
> Right?
>
> mark
>
> 1. How will you generate "truly random"? Clicks on a Geiger counter? There
> is no such thing as a random number generator.
> 2. Which, being "truly random", they will write down somewhere, or store
> it on a key, labelling the file "mypassword" or some such.
> 3. How will you notify them of their new password - in plain text?

Bennett was/is the only one using those systems, and only as root. No additional users existed prior to the breach.

And he is very persistent in placing his own opinion/belief above those he asks for help. That is why we have such a long long long thread. It came to the point where I am starting to believe he is a troll. Not sure yet, but it is getting there.

I am writing this for your sake, not his. I decided to just watch from now on. This thread WAS very informative, I did learn A LOT, but enough is enough, and I spent far too much time reading this thread.

--
Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant