
Justin Zygmont wrote:
> On December 20, 2003 07:00 pm, Fraser Campbell wrote:
> > If you care about your traffic being private at all some encryption just makes sense ... encryption can be at the app layer (ssh, https, secure imap, etc.), at the network layer (vpn) or at both the app and network layer.
> >
> > Also encryption doesn't stop people from being dumb. For example allowing password based authentication with sshd leaves a rather weak link in the chain (depending on users to use good passwords), IOW if you use strong encryption with weak authentication you might as well not bother.
>
> But the password is encrypted in transfer, right? Maybe I'm wrong about this, but doesn't ssh use asymmetric encryption initially, then symmetric after the session key is established?

The problem with weak passwords is that they're vulnerable to dictionary or social engineering attacks. For example, if you use your kid's name, someone who knows you may try that first. On the other hand, if you were to use a sequence of characters generated by md5sum, that password would be resistant to those types of attacks. One method to reduce the risk of weak passwords is to allow a fixed number of wrong passwords before locking the account. The account can be locked for a period of time or until reset by the admin.

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

participants (1)
- james.knott-bJEeYj9oJeDQT0dZR+AlfA@public.gmane.org
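
The lockout rule described in the last reply (a fixed number of wrong passwords, then a lock for a period of time or until an admin reset), as an added example that is not part of the original thread. The `Lockout` class, the threshold of 3, the 15-minute period and the sshd log lines are all constructed assumptions for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sshd log lines (not from the thread): three misses, then two correct passwords.
SAMPLE_LOG = """\
Dec 20 19:00:01 gw sshd[411]: Failed password for alice from 192.0.2.7 port 4001 ssh2
Dec 20 19:00:03 gw sshd[411]: Failed password for alice from 192.0.2.7 port 4001 ssh2
Dec 20 19:00:05 gw sshd[411]: Failed password for alice from 192.0.2.7 port 4001 ssh2
Dec 20 19:00:09 gw sshd[412]: Accepted password for alice from 192.0.2.7 port 4002 ssh2
Dec 20 19:20:00 gw sshd[420]: Accepted password for alice from 198.51.100.4 port 5000 ssh2
"""
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                  r"(Failed|Accepted) password for (?:invalid user )?(\S+) from ")

class Lockout:
    def __init__(self, max_failures=3, period=timedelta(minutes=15)):
        self.max_failures, self.period = max_failures, period  # period=None: admin reset only
        self.failures, self.locked_at = {}, {}  # per-user miss count / time the lock began

    def admin_reset(self, user):
        self.locked_at.pop(user, None)
        self.failures.pop(user, None)

    def is_locked(self, user, now):
        start = self.locked_at.get(user)
        if start is not None and self.period is not None and now - start >= self.period:
            self.admin_reset(user)  # the timed lock has expired
        return user in self.locked_at

    def attempt(self, user, password_ok, now):
        if self.is_locked(user, now):
            return "locked"  # refused even when the password is correct
        if password_ok:
            self.failures.pop(user, None)
            return "accepted"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_failures:
            self.locked_at[user] = now
        return "failed"

def replay(log_text, policy, year=2003):
    """Feed each logged password attempt through the policy; syslog lines carry no year."""
    results = []
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        results.append((m.group(3), policy.attempt(m.group(3), m.group(2) == "Accepted", when)))
    return results
```

Passing `period=None` models the "until reset by the admin" variant. A lock keyed on the account name also lets repeated wrong guesses keep the legitimate user out, which is why the lock period and reset path need as much thought as the threshold.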