[CentOS] an actual hacked machine, in a preserved state

Bennett Haselton bennett at peacefire.org
Wed Jan 4 00:32:58 UTC 2012

On 1/3/2012 2:13 PM, Lamar Owen wrote:
> On Sunday, January 01, 2012 06:27:32 PM Bennett Haselton wrote:
>> (I have already practically worn out my keyboard explaining the math behind
>> why I think a 12-character alphanumeric password is secure enough :) )
> Also see:
> https://lwn.net/Articles/369703/
The focus of this article seems to be on systems with multiple users 
where the admin can't necessarily trust all the users to make smart 
decisions.  I've already said that I can see why in that case it might 
be desirable to require users to use ssh keys instead of passwords, 
since you can't force users to use good passwords.  My point was that if 
you're the only user and you can make yourself use a 12-char password 
with enough entropy, that's good enough.


More information about the CentOS mailing list