On 11/10/2015 01:26 PM, Alan McKinnon wrote:
>
> I think you are approaching this problem from the wrong viewpoint. You
> have to assume an attacker has vastly more resources to bear on the
> problem than you have. Thanks to Amazon and the cloud, this is now a
> very true reality. Brute force attacking a root password is nowhere near
> as complex as the maths would lead you to believe; for one thing they
> are decidedly not random. The fact is that they are heavily biased,
> mostly due to 1) you need to be able to remember it and 2) you need to
> be able to type it.
>
> Humans have been proven to be very bad at coming up with passwords that
> are truly good[1] and hard for computers to figure out. And our brains
> are very very VERY good at convincing us that our latest dumb idea is
> awesome. Are you really going to protect the mother lode (root password)
> with a single system proven to be quite broken and deeply flawed by wetware?
>

I know all that, but I asked you to assume that I'm not an idiot and
that it would take forever to brute-force my root password =)

I'm not going to tell you what it is, so you'll have to believe me.


> Two factor auth is cheap (ssh-keygen and ssh-copy-id) and keys take the
> human factor out of the first step. It's not security theatre nor cargo
> culting, so why not use it and gain the benefits for minimal effort?
>

The rest of what you say is all true, but *given that no one is going to
brute-force the root password*, what specific attack am I defending against?

I'm not trying to be annoying -- if switching to two-factor auth will
improve things, I'll do it -- but no one has ever been able to tell me
what I'd gain from it.
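An added example, not part of this thread or either correspondent's words: the ssh-keygen/ssh-copy-id suggestion above only pays off once the server stops offering password login for root, and that is decided by a few sshd_config keywords. The script below audits a config fragment for exactly that. The two fragments are constructed samples, and the helper names sshd_opt, root_password_login_possible and report are mine; the defaults encoded in the script are the current OpenSSH ones.

```shell
#!/bin/sh
# Added example, not from the thread: decide from an sshd_config whether a
# password alone could still authenticate root over ssh. Needs only sh and awk.

# Constructed sample: root may log in with a password (the setup being
# debated in the thread).
WEAK_CFG='# constructed sshd_config fragment
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes'

# Constructed sample: root may still log in, but only with a key; no
# password or keyboard-interactive prompt is offered to anyone.
HARDENED_CFG='# constructed sshd_config fragment
PermitRootLogin prohibit-password
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes'

# sshd honours the first occurrence of a keyword; keywords are case-insensitive.
# Prints the value, or the supplied default when the keyword is absent.
#   $1 = config text   $2 = keyword   $3 = default
sshd_opt() {
    printf '%s\n' "$1" | awk -v k="$2" -v d="$3" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(k) && !found { print $2; found = 1 }
        END { if (!found) print d }'
}

# Exit status 0 when a password (or a keyboard-interactive prompt, which PAM
# usually turns into a password) could authenticate root; 1 otherwise.
# Defaults match current OpenSSH: PermitRootLogin prohibit-password,
# PasswordAuthentication yes, ChallengeResponseAuthentication yes.
root_password_login_possible() {
    prl=$(sshd_opt "$1" PermitRootLogin prohibit-password)
    pwa=$(sshd_opt "$1" PasswordAuthentication yes)
    cra=$(sshd_opt "$1" ChallengeResponseAuthentication yes)
    [ "$prl" = yes ] || return 1
    [ "$pwa" = yes ] || [ "$cra" = yes ]
}

# One-line verdict for a named config; $1 = label, $2 = config text.
report() {
    if root_password_login_possible "$2"; then
        echo "$1: root password login POSSIBLE"
    else
        echo "$1: root password login blocked (keys only, or root disabled)"
    fi
}

report WEAK_CFG "$WEAK_CFG"
report HARDENED_CFG "$HARDENED_CFG"
```

The check reads a single flat fragment; a real config may pull in further files with Include and override keywords inside Match blocks, so on a live host the effective values from `sshd -T` are the ones to feed in. The script also says nothing about the quality of the key that replaces the password; it only tells you whether the password path is still open.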