[CentOS] Another Fedora decision
Kahlil Hodgson
kahlil.hodgson at dealmax.com.au
Thu Feb 5 00:20:58 UTC 2015
On 5 February 2015 at 10:36, Warren Young <wyml at etr-usa.com> wrote:

> When the hashes are properly salted, the only option is brute force. All
> having /etc/shadow does for you is let you make billions of guesses per
> second instead of 5 guesses per minute, as you get with proper throttling
> on remote login avenues.

Kinda highlights that 'time' is important here. Booting into a fresh system and then running updates and hardening your system can take a few minutes. There may be an appreciable difference between having a password that can be cracked in 1 second and one that takes an hour. (Yes, infrastructure can help mitigate this risk).

I'm thinking of someone with limited infrastructure installing a system under time pressure. They might be tempted to use a very weak password initially with the expectation that they would get back to hardening the system later. If they are regularly under time pressure, that may never actually happen, or may be delayed for hours/days. An 8 character password might just nudge the probabilities in your favour and protect against a drive by attack.

Does that sound like a reasonable case to protect against?