Whoops, sorry, thought this was offlist. mark, not reading closely enough. m.roth at 5-cent.us wrote: > Ljubomir, > > Ljubomir Ljubojevic wrote: >> On 01/03/2012 04:47 PM, m.roth at 5-cent.us wrote: >>> Having been on vacation, I'm coming in very late in this.... >>> >>> Les Mikesell wrote: >>>> On Tue, Jan 3, 2012 at 4:28 AM, Bennett >>>> Haselton<bennett at peacefire.org> >>>> wrote: >>> <snip> >>>>> OK but those are *users* who have their own passwords that they have >>>>> chosen, presumably. User-chosen passwords cannot be assumed to be >>>>> secure against a brute-force attack. What I'm saying is that if >>>>> you're the only user, by my reasoning you don't need fail2ban if >>>>> you just use a 12-character truly random password. >>>> >>>> But you aren't exactly an authority when you are still guessing about >>>> the cause of your problem, are you? (And haven't mentioned what your >>>> logs said about failed attempts leading up to the break in...). >>> >>> Further, that's a ridiculous assumption. Without fail2ban, or something >>> like it, they'll keep trying. You, instead, Bennett, are presumably >>> generating that "truly random" password[1] and assigning it to all your >>> users[2], and not allowing them to change their passwords, and you will >>> be >>> changing it occasionally and informing them of the change.[3] >>> >>> Right? >>> >>> 1. How will you generate "truly random"? Clicks on a Geiger counter? >>> There is no such thing as a random number generator. >>> 2. Which, being "truly random", they will write down somewhere, or >>> store >>> it on a key, labelling the file "mypassword" or some such. >>> 3. How will you notify them of their new password - in plain text? >> >> Bennet was/is the only one using those systems, and only as root. No > > Ohhhh.... > >> additional users existed prior to breach. And he is very persisting in >> placing his own opinion/belief above those he asks for help. That is why > > So he's not only not wanting to accept that he blew it, but wants > "validation" for that wrongheadedness. > >> we have such a long long long thread. It came to the point where I am >> starting to believe him being a troll. Not sure yet, but it is getting >> there. > > As long as no one's giving him support in his ideas, he's now got someone > outside himself (and the intruder) to be against. Just like the US right > wing.... >> >> I am writing this for your sake, not his. I decided to just watch from >> no on. This thread WAS very informative, I did lear A LOT, but enough is >> enough, and I spent far to much time reading this thread. > > Thanks for the offlist email. Happy new year to you. > > mark > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >