passwordless ssh from laptop
Joel Rees
joel.rees at gmail.com
Thu Dec 29 23:16:39 UTC 2016
On Thu, Dec 29, 2016 at 9:06 PM, Eero Volotinen <eero.volotinen at iki.fi> wrote:
> [stuff I moved into the context I assume was meant, if I was wrong, correct me.]
> --
> Eero
>
> 2016-12-29 3:31 GMT+02:00 Joel Rees <joel.rees at gmail.com>:
>>
>> On Mon, Dec 26, 2016 at 11:13 PM, Chris Green <cl at isbd.net> wrote:
>> > On Mon, Dec 26, 2016 at 11:15:01AM +0000, Colin Law wrote:
>> >> > How is a 'long, strong passphrase' any better than a 'long, strong
>> >> > password'? As a user I have to remember either one or the other,
>> >> > it's
>> >> > no easier to use a long, strong key than it is to use that same
>> >> > string
>> >> > as a password.
>> >>
>> >> Because you need both the key and the passphrase. The hackers probing
>> >> your server from the other side of the world will have no chance of
>> >> getting in (they concentrate on guessing user names and passwords) and
>> >> even someone who (for example) steals your laptop, and so has access
>> >> to the key, still has to guess the passphrase.
>> >>
>> > In that case though (stolen, or access to, laptop) the intruder has
>> > unlimited access and can apply brute force methods. If [s]he's
>> > guessing passwords remotely that's not so possible.
>>
>> How many cores and how much RAM in what configuration on that special
>> purpose passphrase cracker being used for bruteforce, or are we
>> talking about passphrases like "I love Lucy."? (As opposed to "I love
>> Lucy's hotdogs in my p!cnic basket on a trip to Mars.")
[I think the above is what Eero was responding to.]
> Well. Many people are using too short passwords on (keyfiles, disk
> encryption) that you can easily crack using amazon gpu instances or normal
> workstations with nvidia gfx cards..
>
> Usually just throw some generic wordlist and it takes about a day. I have seen
> this in reality :)
So, if one uses a proper encryption token when encrypting a hard disk,
the data on the disk can be made secure? (... assuming one does not
use the manufacturer-supplied encryption that has backdoors built in
for certain not-to-be-named institutions with more money than they
should have.)
>> And did we remember to tarpit and/or auto-blacklist bad password attempts?
--
Joel Rees
I'm imagining I'm a novelist:
http://reiisi.blogspot.jp/p/novels-i-am-writing.html