Chris Samuel wrote:
----- "Robert G. Brown" <[EMAIL PROTECTED]> wrote:
IIRC almost any of the high-end encryption routines available within
Linux are effectively uncrackable, certainly uncrackable to somebody
with less than NSA-class resources.
As long as the implementation is correct.. <cough>Debian SSL</cough>. :-)
N-tro-PEE? We dont need no steen-keen N-tro-PEE!
Get yer fresh hot bits here, all 15 of them.
Humans are always the weak links in these things,
whether that be implementation, crypto security or
just doing plain dumb things like sending an email
confirmation in the clear containing plain text
passwords that were submitted over SSL.
People spend lots of time and effort on security theater. Make up odd
rules for passwords. Make them hard to guess and crack. Well, is that
the vector for break-ins? Weak passwords?
I saw a Linux machine (a cluster) rooted. It was rooted because of a
person with a Windows laptop that happened to catch a key logger.
Crackers had been attempting to break into that machine for a long
time, and here goes a grad student, and gives them the password. Worse,
this grad student acted in a way we advised against, and ran jobs from
root. Yeah, I know.
Security theater is troubling. It gives us sheep the appearance of
being secure, without any real additional value.
OPIE and multi-factor are hard to beat. And no theater needed. Even
better, no worries about replay attacks with OPIE, or with a
multi-factor that disables a password upon use.
But even with these, you still need good *real* practices. A
non-security theater practice would limit the damage one can do in a
non-privileged setting. SELinux and AppArmor try to limit the damage
even in a secure setting, though I am not sure how well they do there.
Joe
--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: [EMAIL PROTECTED]
web : http://www.scalableinformatics.com
http://jackrabbit.scalableinformatics.com
phone: +1 734 786 8423
fax : +1 866 888 3112
cell : +1 734 612 4615