| 1 |
On 11/10/2015 01:26 PM, Alan McKinnon wrote: |
| 2 |
> |
| 3 |
> I think you are approaching this problem from the wrong viewpoint. You |
| 4 |
> have to assume an attacker has vastly more resources to bear on the |
| 5 |
> problem than you have. Thanks to Amazon and the cloud, this is now a |
| 6 |
> very true reality. Brute force attacking a root password is nowhere near |
| 7 |
> as complex as the maths would lead you to believe; for one thing they |
| 8 |
> are decidedly not random. The fact is that they are heavily biased, |
| 9 |
> mostly due to 1) you need to be able to remember it and 2) you need to |
| 10 |
> be able to type it. |
| 11 |
> |
| 12 |
> Humans have been proven to be very bad at coming up with passwords that |
| 13 |
> are truly good[1] and hard for computers to figure out. And our brains |
| 14 |
> and very very VERY good at convincing us that our latest dumb idea is |
| 15 |
> awesome. Are you really going to protect the mother lode (root password) |
| 16 |
> with a single system proven to be quite broken and deeply flawed by wetware? |
| 17 |
> |
| 18 |
|
| 19 |
I know all that, but I asked you to assume that I'm not an idiot and |
| 20 |
that it would take forever to brute-force my root password =) |
| 21 |
|
| 22 |
I'm not going to tell you what it is, so you'll have to believe me. |
| 23 |
|
| 24 |
|
| 25 |
> Two factor auth is cheap (ssh-keygen and ssh-copy-id) and keys take the |
| 26 |
> human factor out of the first step. It's not security theatre nor cargo |
| 27 |
> culting, so why not use it and gain the benefits for minimal effort? |
| 28 |
> |
| 29 |
|
| 30 |
The rest of what you say is all true, but *given that no one is going to |
| 31 |
brute-force the root password*, what specific attack am I defending against? |
| 32 |
|
| 33 |
I'm not trying to be annoying -- if switching to two-factor auth will |
| 34 |
improve things, I'll do it -- but no one has ever been able to tell me |
| 35 |
what I'd gain from it. |
Archives