Re: Lost password need help!

2024-11-22 Thread Max Nikulin
ut is instead a LUKS passphrase, then a very different piece of advice applies: DO NOT REBOOT THE SYSTEM UNDER ANY CIRCUMSTANCES. I have realized that every Debian manual has a note on resetting root password, but the topic is more extensive. E.g. there may be grub password besides LUKS. init=/b

Re: Lost password need help!

2024-11-22 Thread Michael Paoli
On Fri, Nov 22, 2024 at 9:27 AM The David wrote: > We have been using the debian 3.2.0-4-686-pae for our company. We are moving > to another state and we forgot the password. Is there anyway to recover this > without losing data? Thank you. Yikes! That kernel goes back to Debian 7 -

Re: ot: firefox password manager

2024-11-22 Thread Bret Busby
On 23/11/24 02:16, fxkl4...@protonmail.com wrote: i'm using the latest release of firefox, 132.0.2 it's very annoying i use the password manager and have a password previously firefox would ask for my password when i start it now it ask for my password every time i encounter a site lo

Re: Lost password need help!

2024-11-22 Thread Dan Ritter
e...@gmx.us wrote: > On 11/22/24 11:56, The David wrote: > > We have been using the debian 3.2.0-4-686-pae for our company. We are > > moving to another state and we forgot the password. Is there anyway to > > recover this without losing data? Thank you. > > Boot

Re: Lost password need help!

2024-11-22 Thread Andy Smith
lso inadvisable. The next stable release of Debian (coming next year) will not have 32-bit kernel or installer so you're going to need to switch in the near future anyway to keep up to date. > We are moving to another state and we forgot the password. Is there > anyway to recover this without lo

Re: Lost password need help!

2024-11-22 Thread Frank Guthausen
On Fri, 22 Nov 2024 16:56:23 + The David wrote: > We have been using the debian 3.2.0-4-686-pae for our company. We are > moving to another state and we forgot the password. Is there anyway > to recover this without losing data? Thank you. You can boot the machine with a live syst

ot: firefox password manager

2024-11-22 Thread fxkl47BF
i'm using the latest release of firefox, 132.0.2 it's very annoying i use the password manager and have a password previously firefox would ask for my password when i start it now it ask for my password every time i encounter a site login screen is there a way stop this without di

Re: Lost password need help!

2024-11-22 Thread Michael Kjörling
On 22 Nov 2024 12:40 -0500, from e...@gmx.us: >> We have been using the debian 3.2.0-4-686-pae for our company. We >> are moving to another state and we forgot the password. Is there >> anyway to recover this without losing data? Thank you. > > Boot off rescue m

Re: Lost password need help!

2024-11-22 Thread tomas
On Fri, Nov 22, 2024 at 04:56:23PM +, The David wrote: > We have been using the debian 3.2.0-4-686-pae for our company. We are moving > to another state and we forgot the password. Is there anyway to recover this > without losing data? Thank you. Which password? If it is some

Re: Lost password need help!

2024-11-22 Thread eben
On 11/22/24 11:56, The David wrote: > We have been using the debian 3.2.0-4-686-pae for our company. We are moving > to another state and we forgot the password. Is there anyway to recover this > without losing data? Thank you. Boot off rescue media, mount the victim's / parti

Lost password need help!

2024-11-22 Thread The David
We have been using the debian 3.2.0-4-686-pae for our company. We are moving to another state and we forgot the password. Is there anyway to recover this without losing data? Thank you. Sincerely, David Have a good day!

Re: If one sets 'Defaults rootpw' in sudoers but no root password is it disaster?

2024-10-16 Thread Chris Green
Chris Green wrote: > Dan Ritter wrote: > > Chris Green wrote: > > > I'd like to force a different password from my own password when I do > > > 'sudo -i' to get root privilege. However I'm a bit frightened about > > > what might h

Re: If one sets 'Defaults rootpw' in sudoers but no root password is it disaster?

2024-10-16 Thread Chris Green
Dan Ritter wrote: > Chris Green wrote: > > I'd like to force a different password from my own password when I do > > 'sudo -i' to get root privilege. However I'm a bit frightened about > > what might happen if I set 'Defaults rootpw' in the su

Re: If one sets 'Defaults rootpw' in sudoers but no root password is it disaster?

2024-10-15 Thread Dan Ritter
Chris Green wrote: > I'd like to force a different password from my own password when I do > 'sudo -i' to get root privilege. However I'm a bit frightened about > what might happen if I set 'Defaults rootpw' in the sudoers file but > forget to actually c

Re: If one sets 'Defaults rootpw' in sudoers but no root password is it disaster?

2024-10-15 Thread Roland Müller
I am too tired to test this now - but I guess as prerequisite you should then give the root user a password.  A long time ago I was "providing" root with a password in some Debian or Ubuntu system using 'passwd'. sudo should not cope with an undefined root password, a

If one sets 'Defaults rootpw' in sudoers but no root password is it disaster?

2024-10-15 Thread Chris Green
I'd like to force a different password from my own password when I do 'sudo -i' to get root privilege. However I'm a bit frightened about what might happen if I set 'Defaults rootpw' in the sudoers file but forget to actually create a root password. (This is on sy

Re: password manager

2024-10-10 Thread Eric S Fraga
Response below/inline for email Paul M. Foster wrote: > (original email sent 8 Oct 2024 at 20:50) > > Let me provide a dissenting view. I use "pass". +1 it allows for a hierarchical representation of the different entries and bonus marks because there is an excellent Emacs mode. -- Eric S Frag

Re: password manager

2024-10-10 Thread Ryan Nowakowski
On October 8, 2024 7:50:29 PM CDT, "Paul M. Foster" wrote: >On 10/8/24 19:11, fxkl4...@protonmail.com wrote: >> what are y'alls recommendations for a password manager >> i've always used firefox's builtin manager >> but it's gotten to whe

Re: password manager

2024-10-09 Thread Max Nikulin
On 09/10/2024 06:11, fxkl4...@protonmail.com wrote: what are y'alls recommendations for a password manager Have you had a look into mailing list archives? E.g. <https://lists.debian.org/msgid-search/20231109110553.10261...@yosemite.mars.lan> Password managers. Thu, 9 Nov 2023 11:05:53 -0500

Re: password manager

2024-10-09 Thread Greg Wooledge
On Wed, Oct 09, 2024 at 17:39:53 -0400, e...@gmx.us wrote: > Wow. Thanks for explaining that. Fortunately, I only have Debian and plan > to change things as little as possible in the future, so I think that if I > leave things as they are, they'll keep working for a while. I do have > ~/.xsessio

Re: password manager

2024-10-09 Thread eben
On 10/9/24 17:09, Greg Wooledge wrote: On Wed, Oct 09, 2024 at 15:55:35 -0400, e...@gmx.us wrote: That worked. Maybe ~/.xinitrc is an old location? I'll probably leave it there unless there's a good reason to move it. [algorithm from heck] If reading this leads you to scream "WHY in the HE

Re: password manager

2024-10-09 Thread Florent Rougon
Hi, On 09/10/2024, Greg Wooledge wrote: > If reading this leads you to scream "WHY in the HELL is it this > COMPLICATED?!", know that you are not alone. Unfortunately, this is > only a small part of the picture. The full picture is even worse. Yup, I'm pretty sure there was also ~/.dmrc at

Re: password manager

2024-10-09 Thread Greg Wooledge
On Wed, Oct 09, 2024 at 15:55:35 -0400, e...@gmx.us wrote: > That worked. Maybe ~/.xinitrc is an old location? I'll probably leave it > there unless there's a good reason to move it. .xinitrc is the dotfile used by startx across multiple Unix/Linux implementations. Debian's startx will use that

Re: password manager

2024-10-09 Thread eben
On 10/9/24 10:05, e...@gmx.us wrote: On 10/8/24 22:11, Ash Joubert wrote: To set environment variables for applications started by XFCE, add lines before the last line in ~/.config/xfce4/xinitrc That file doesn't exist, but this one might work: eben@cerberus:~$ stat ~/.xinitrc ... I put

Re: password manager

2024-10-09 Thread emneo
://bitwarden.com/ [2] https://github.com/dani-garcia/vaultwarden On 09/10/2024 01:11, fxkl4...@protonmail.com wrote: what are y'alls recommendations for a password manager i've always used firefox's builtin manager but it's gotten to where it only works about half the time it

Re: password manager

2024-10-09 Thread Nicholas Geovanis
KeepPass here as well, and (not my choice) a proprietary locker at work. Can't help responding to someone with a Life glider in their sig :-) On Tue, Oct 8, 2024, 9:30 PM Dan Purgert wrote: > On Oct 08, 2024, fxkl4...@protonmail.com wrote: > > what are y'alls recommendat

Re: password manager

2024-10-09 Thread eben
On 10/8/24 22:11, Ash Joubert wrote: On 2024-10-09 13:38, e...@gmx.us wrote: On 10/8/24 20:13, Ash Joubert wrote: On 2024-10-09 13:00, e...@gmx.us wrote: I use (and like) keepassx.  The only thing I don't like is right now the type is really small.  It used to be readable. keepassxc is a Qt5

Re: qt5ct and environment variables (was: Re: password manager)

2024-10-08 Thread Greg Wooledge
On Wed, Oct 09, 2024 at 09:52:13 +0700, Max Nikulin wrote: > On 09/10/2024 07:38, e...@gmx.us wrote: > > > > Huh.  If I run it from a terminal emulator it looks fine, but if XFCE > > launches it the text is tiny.  Looks like QT_QPA_PLATFORMTHEME isn't being > > set.  Which means something is runni

qt5ct and environment variables (was: Re: password manager)

2024-10-08 Thread Max Nikulin
On 09/10/2024 07:38, e...@gmx.us wrote: Huh.  If I run it from a terminal emulator it looks fine, but if XFCE launches it the text is tiny.  Looks like QT_QPA_PLATFORMTHEME isn't being set.  Which means something is running a not-login shell, something between startx and xfwm.  It's defined in ~

Re: password manager

2024-10-08 Thread Ash Joubert
On 2024-10-09 13:38, e...@gmx.us wrote: On 10/8/24 20:13, Ash Joubert wrote: On 2024-10-09 13:00, e...@gmx.us wrote: I use (and like) keepassx.  The only thing I don't like is right now the type is really small.  It used to be readable. keepassxc is a Qt5 application and honours Qt font settin

Re: password manager

2024-10-08 Thread Paul M. Foster
On 10/8/24 19:11, fxkl4...@protonmail.com wrote: what are y'alls recommendations for a password manager i've always used firefox's builtin manager but it's gotten to where it only works about half the time it's a pita looking up and typing long cryptic passwords and i&

Re: password manager

2024-10-08 Thread eben
On 10/8/24 20:13, Ash Joubert wrote: On 2024-10-09 13:00, e...@gmx.us wrote: I use (and like) keepassx. The only thing I don't like is right now the type is really small. It used to be readable. keepassxc is a Qt5 application and honours Qt font settings. Under XFCE, I use qt5ct and set the

Re: password manager

2024-10-08 Thread Peter Hillier-Brook
On 09/10/2024 00:11, fxkl4...@protonmail.com wrote: what are y'alls recommendations for a password manager i've always used firefox's builtin manager but it's gotten to where it only works about half the time it's a pita looking up and typing long cryptic passwords and

Re: password manager

2024-10-08 Thread Ash Joubert
On 2024-10-09 13:00, e...@gmx.us wrote: I use (and like) keepassx.  The only thing I don't like is right now the type is really small.  It used to be readable. keepassxc is a Qt5 application and honours Qt font settings. Under XFCE, I use qt5ct and set the environment variable QT_QPA_PLATFORMT

Re: password manager

2024-10-08 Thread Ash Joubert
On 2024-10-09 12:11, fxkl4...@protonmail.com wrote: what are y'alls recommendations for a password manager i've always used firefox's builtin manager but it's gotten to where it only works about half the time it's a pita looking up and typing long cryptic passwords

Re: password manager

2024-10-08 Thread eben
On 10/8/24 19:11, fxkl4...@protonmail.com wrote: what are y'alls recommendations for a password manager i've always used firefox's builtin manager but it's gotten to where it only works about half the time it's a pita looking up and typing long cryptic passwords and i

Re: password manager

2024-10-08 Thread KISER JD
On Wed, Oct 9, 2024, at 00:11, fxkl4...@protonmail.com wrote: > what are y'alls recommendations for a password manager > i've always used firefox's builtin manager > but it's gotten to where it only works about half the time > it's a pita looking up and typing

Re: password manager

2024-10-08 Thread Dan Purgert
On Oct 08, 2024, fxkl4...@protonmail.com wrote: > what are y'alls recommendations for a password manager keepassxc here. -- |_|O|_| |_|_|O| Github: https://github.com/dpurgert |O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860

password manager

2024-10-08 Thread fxkl47BF
what are y'alls recommendations for a password manager i've always used firefox's builtin manager but it's gotten to where it only works about half the time it's a pita looking up and typing long cryptic passwords and i'm lazy

Re: Alpine 6.26 - can't stop it wanting to save the password.

2024-05-28 Thread Tim Woodall
On Mon, 27 May 2024, Curt wrote: On 2024-05-26, Tim Woodall wrote: Anyone got any ideas how to disable this? If you have ~/.alpine.passfile apparently it will keep asking, but maybe you don't, in which case I'm stumped. Thanks, no that file doesn't exist. I'm a bit stumped too - and ano

Re: Alpine 6.26 - can't stop it wanting to save the password.

2024-05-27 Thread Curt
On 2024-05-26, Tim Woodall wrote: > > Anyone got any ideas how to disable this? > > If you have ~/.alpine.passfile apparently it will keep asking, but maybe you don't, in which case I'm stumped.

Alpine 6.26 - can't stop it wanting to save the password.

2024-05-26 Thread Tim Woodall
I start alpine with the following alias alias pine='alpine -p \{imap202.home.woodall.me.uk/norsh/tls/user=tim\}remote_pinerc' and after entering my password I get: Preserve password on DISK for next login? [y]: I don't want to do this. My googling suggested that I coul

Create a password for Careline Support

2024-05-23 Thread TNG eWallet Careline
Welcome to TNG eWallet Careline Support! We have received your inquiry and happy to assist you. In order for us to assist you further, please sign up an account by clicking the link at the bottom of this email. Upon signed up, a ticket number will be sent to you in a separate email and our Car

Re: Debian, Postfix, Dovecot, MySQL, and argon2 password hashing scheme?

2024-04-24 Thread Marco Moock
On 25.04.2024 David Mehler wrote: > Since changing systems to Debian 12.5 I can't send, though checking > the password with a manual login to Dovecot works fine. Sending mails is SMTP and therefore postfix on your machine. It can use PAM for auth. Do you use PAM?

Debian, Postfix, Dovecot, MySQL, and argon2 password hashing scheme?

2024-04-24 Thread David Mehler
Hello, I have a quick question. Can Debian, and/or its Postfix/Dovecot/MySQL/MariaDB packages support the argon2 password hashing scheme? I had a previously-working e-mail setup on a *BSD system, utilizing the argon2ID scheme with Dovecot, Postfix, and MySQL. Since changing syste

Re: Root password strength

2024-03-23 Thread Michael Kjörling
On 22 Mar 2024 20:01 -0400, from ler...@gmail.com (Lee): > The IPv4 address space is only 32 bits long. Scanning 2^32 = about > 4,000,000,000 addresses for an open port is easily doable. > The IPv6 address space is a bit harder... Let's just say that 7/8th > of the IPv6 address space is reserved[

Re: Root password strength

2024-03-23 Thread Michael Kjörling
On 22 Mar 2024 17:26 +0500, from avbe...@gmail.com (Alexander V. Makartsev): >     This is because of how IPv4 network address translation (NAT) works, to > allow multiple LAN hosts to connect to Internet with single IP address > assigned by Internet Service Provider (ISP). A NAT router might also

Re: Root password strength

2024-03-22 Thread Lee
On Fri, Mar 22, 2024 at 9:02 AM Jan Krapivin wrote: > > The thing that bothers me are words: "any computer (and a fortiori any > server) connected to the Internet is regularly targeted by automated > connection attempts" Change it to "any computer (and a fortiori any server) >>using IPv4 and di

Re: Root password strength

2024-03-22 Thread Alexander V. Makartsev
On 22.03.2024 14:57, Jan Krapivin wrote: Thu, 21 Mar 2024 at 22:34, Alexander V. Makartsev : This conclusion seems less than optimal to me. By condemning yourself to type 12+ character password every time you 'sudo' would really hurt accessibility and usability of you

Re: Root password strength

2024-03-22 Thread Joe
On Fri, 22 Mar 2024 12:57:20 +0300 Jan Krapivin wrote: > Thu, 21 Mar 2024 at 22:34, Alexander V. Makartsev > : > > > This conclusion seems less than optimal to me. > > By condemning yourself to type 12+ character password every time you > > 'sudo' would re

Re: Root password strength

2024-03-22 Thread Jan Krapivin
Thu, 21 Mar 2024 at 22:34, Alexander V. Makartsev : > This conclusion seems less than optimal to me. > By condemning yourself to type 12+ character password every time you > 'sudo' would really hurt accessibility and usability of your home computer > and for no good r

Re: Root password strength

2024-03-21 Thread Alexander V. Makartsev
On 20.03.2024 20:28, Jan Krapivin wrote: I must mention that "32 characters" is only my guess. In the Handbook it is said: "The root user's password should be long (12 characters or more) and impossible to guess." Also, i must again say that in my case we speak

Re: Root password strength

2024-03-21 Thread Curt
> > You don't need a threat model to understand why writing a password on a > paper is generally a bad practice. > > But since you invest this much energy on defending a bad practice, I'll > let you keep the trend alone. > I have written down key passwords which

Re: Root password strength

2024-03-20 Thread Lee
On Wed, Mar 20, 2024 at 3:50 PM Pierre-Elliott Bécue wrote: > > From: Lee > To: Pierre-Elliott Bécue > Cc: Debian Users ML > Date: 20 March 2024 20:40:52 > Subject: Re: Root password strength > > > On Wed, Mar 20, 2024 at 1:47 PM Pierre-Elliott Bécue wrote: > >

Re: Root password strength

2024-03-20 Thread Jeffrey Walton
On Wed, Mar 20, 2024 at 2:34 PM Pierre-Elliott Bécue wrote: > > Jeffrey Walton wrote on 20/03/2024 at 19:16:16+0100: > > [...] > >> No one asks someone to remember more than two or three passwords. The > >> rest belongs to a password manager. > > > >

Re: Root password strength

2024-03-20 Thread Pierre-Elliott Bécue
From: Lee To: Pierre-Elliott Bécue Cc: Debian Users ML Date: 20 March 2024 20:40:52 Subject: Re: Root password strength > On Wed, Mar 20, 2024 at 1:47 PM Pierre-Elliott Bécue wrote: >> >> Brad Rogers wrote on 20/03/2024 at 18:39:30+0100: >>> On Wed, 20 Mar 2024 1

Re: Root password strength

2024-03-20 Thread Lee
On Wed, Mar 20, 2024 at 1:47 PM Pierre-Elliott Bécue wrote: > > Brad Rogers wrote on 20/03/2024 at 18:39:30+0100: > > On Wed, 20 Mar 2024 17:09:31 +0100 > > Pierre-Elliott Bécue wrote: > > > > Hello Pierre-Elliott, > > > >>Most of the tim

Re: Root password strength

2024-03-20 Thread Pierre-Elliott Bécue
John Hasler wrote on 20/03/2024 at 19:35:42+0100: > Pierre-Elliott Bécue writes: >> My home sees plenty different people coming in. Some I trust, some I >> trust less. Also videocalls is a nice way to get a paper password >> recorded (and yes it happens). > > I keep m

Re: Root password strength

2024-03-20 Thread John Hasler
tomas writes: > Actually, I use between pwgen -n 8 (user pw) and pwgen -n 16 (LUKS > encryption). -n is the default for pwgen. Note that this slightly reduces the size of the search space. Unfortunately many sites require it. > I memorize the most important of them. I memorize the ones I use m

Re: Root password strength

2024-03-20 Thread Pierre-Elliott Bécue
a rather bad cybersecurity approach. > > I use password generators and vaults for all my passwords. Nothing > wrong with my cyber-security. When you state that something like "writing down" a password is reasonable in one's home as if this actual home were a heaven of safety,

Re: Root password strength

2024-03-20 Thread John Hasler
Pierre-Elliott Bécue writes: > My home sees plenty different people coming in. Some I trust, some I > trust less. Also videocalls is a nice way to get a paper password > recorded (and yes it happens). I keep my passwords in a small book the size of a passport and I secure it the same way

Re: Root password strength

2024-03-20 Thread Pierre-Elliott Bécue
03/2024 at 16:58:01+0100: >> >> >> >> >> >> > Pierre-Elliott Bécue writes: >> >> >> >> A phrase you will easily remember but that would be hardcore to >> >> >> >> guess >> >> >> >> t

Re: Root password strength

2024-03-20 Thread Brad Rogers
On Wed, 20 Mar 2024 18:46:04 +0100 Pierre-Elliott Bécue wrote: Hello Pierre-Elliott, >You have a rather bad cybersecurity approach. I use password generators and vaults for all my passwords. Nothing wrong with my cyber-security. Also note that I put 'written down' in single qu

Re: Root password strength

2024-03-20 Thread Pierre-Elliott Bécue
Michael Kjörling <2695bd53d...@ewoof.net> wrote on 20/03/2024 at 19:04:10+0100: > On 20 Mar 2024 18:46 +0100, from p...@debian.org (Pierre-Elliott Bécue): >>>> Most of the time, writing down a password is a very bad idea. >>> >>> Not in your own home.

Re: Root password strength

2024-03-20 Thread Jeffrey Walton
writes: > >> >> >> A phrase you will easily remember but that would be hardcore to guess > >> >> >> through social engineering is perfect. > >> >> > > >> >> > Better is a random string that you write down. When people try

Re: Root password strength

2024-03-20 Thread Michael Kjörling
On 20 Mar 2024 17:07 +0100, from p...@debian.org (Pierre-Elliott Bécue): > Let's stop to overcomplexify, the best course of action for passwords > you need to remember are passphrases, and to this matter, Randall nailed > the matter properly. If you're referring to https://xkcd.com/936/ I believe

Re: Root password strength

2024-03-20 Thread Michael Kjörling
On 20 Mar 2024 18:46 +0100, from p...@debian.org (Pierre-Elliott Bécue): >>> Most of the time, writing down a password is a very bad idea. >> >> Not in your own home. And in any event, it depends where one keeps that >> 'written down' password. >>

Re: Root password strength

2024-03-20 Thread tomas
On Wed, Mar 20, 2024 at 11:02:41AM -0500, John Hasler wrote: > Use one of the password generating programs such as pwgen to produce a > 12 character random password. Write it down. Actually, I use between pwgen -n 8 (user pw) and pwgen -n 16 (LUKS encryption). I memorize the most import

Re: Root password strength

2024-03-20 Thread Pierre-Elliott Bécue
Brad Rogers wrote on 20/03/2024 at 18:39:30+0100: > On Wed, 20 Mar 2024 17:09:31 +0100 > Pierre-Elliott Bécue wrote: > > Hello Pierre-Elliott, > >>Most of the time, writing down a password is a very bad idea. > > Not in your own home. And in any event, it depends wher

Re: Root password strength

2024-03-20 Thread Pierre-Elliott Bécue
eering is perfect. >> >> > >> >> > Better is a random string that you write down. When people try to >> >> > generate phrases that meet those requirements they usually fail. >> >> >> >> Writing down a password is a ba

Re: Root password strength

2024-03-20 Thread Brad Rogers
On Wed, 20 Mar 2024 17:09:31 +0100 Pierre-Elliott Bécue wrote: Hello Pierre-Elliott, >Most of the time, writing down a password is a very bad idea. Not in your own home. And in any event, it depends where one keeps that 'written down' password. And if it *does* become an

Re: Root password strength

2024-03-20 Thread Jeffrey Walton
hen people try to > >> > generate phrases that meet those requirements they usually fail. > >> > >> Writing down a password is a bad idea. > > > > I don't think that's true anymore. The threat being mitigated is the > > network attacker.

Re: Root password strength

2024-03-20 Thread Pierre-Elliott Bécue
John Hasler wrote on 20/03/2024 at 17:21:20+0100: > Pierre-Elliott Bécue writes: >> Writing down a password is a bad idea. > > Why? Because anyone falling on the paper with the password can do a lot of harm. Because you can't control what this paper will become with certaint

Re: Root password strength

2024-03-20 Thread Pierre-Elliott Bécue
member but that would be hardcore to guess >> >> through social engineering is perfect. >> > >> > Better is a random string that you write down. When people try to >> > generate phrases that meet those requirements they usually fail. >> >> Writing down a pas

Re: Root password strength

2024-03-20 Thread Max Nikulin
On 20/03/2024 23:19, Jeffrey Walton wrote: The network attacker cannot (yet) reach through a monitor and read a sticky note. It may be visible during a video call performed from a smartphone.

Re: Root password strength

2024-03-20 Thread John Hasler
Pierre-Elliott Bécue writes: > Writing down a password is a bad idea. Why? -- John Hasler j...@sugarbit.com Elmwood, WI USA

Re: Root password strength

2024-03-20 Thread Jeffrey Walton
rfect. > > > > Better is a random string that you write down. When people try to > > generate phrases that meet those requirements they usually fail. > > Writing down a password is a bad idea. I don't think that's true anymore. The threat being mitigated is the

Re: Root password strength

2024-03-20 Thread Pierre-Elliott Bécue
John Hasler wrote on 20/03/2024 at 17:02:41+0100: > Use one of the password generating programs such as pwgen to produce a > 12 character random password. Write it down. Most of the time, writing down a password is a very bad idea. -- PEB

Re: Root password strength

2024-03-20 Thread Pierre-Elliott Bécue
nerate phrases that meet those requirements they usually fail. Writing down a password is a bad idea. Managing passwords through a password-store (eg pass, keepassxc, whatever tool you prefer) is a great idea, but you first need to unlock your disk that hopefully you encrypted and then your sessio

Re: Root password strength

2024-03-20 Thread John Hasler
Use one of the password generating programs such as pwgen to produce a 12 character random password. Write it down. -- John Hasler j...@sugarbit.com Elmwood, WI USA

Re: Root password strength

2024-03-20 Thread Michael Kjörling
On 20 Mar 2024 10:58 -0500, from j...@sugarbit.com (John Hasler): >> A phrase you will easily remember but that would be hardcore to guess >> through social engineering is perfect. > > Better is a random string that you write down. When people try to > generate phrases that meet those requirement

Re: Root password strength

2024-03-20 Thread John Hasler
Pierre-Elliott Bécue writes: > A phrase you will easily remember but that would be hardcore to guess > through social engineering is perfect. Better is a random string that you write down. When people try to generate phrases that meet those requirements they usually fail. -- John Hasler j...@su

Re: Root password strength

2024-03-20 Thread Pierre-Elliott Bécue
take about 3.6*10^38 > _years_ to go through. A widely agreed-upon figure for the age of the > universe is around 1.4*10^10 years. Therefore such a password would > take, very roughly, 10^28 times the age of the universe to brute > force. > > Of course, with only 32 characters actua

Re: Root password strength

2024-03-20 Thread Jan Krapivin
I must mention that "32 characters" is only my guess. In the Handbook it is said: "The root user's password should be long (12 characters or more) and impossible to guess." Also, i must again say that in my case we speak just about a humble home desktop, without a &q

Re: Root password strength

2024-03-20 Thread Michael Kjörling
ters), 32 characters is equivalent to about 203 bits. (82^32 ~ 2^203 or, expressed differently, log_2(82^32) ~ 203.) At a rate of 2^50 guesses per second, that will take about 3.6*10^38 _years_ to go through. A widely agreed-upon figure for the age of the universe is around 1.4*10^10 years. Therefor

Re: Root password strength

2024-03-20 Thread Pierre-Elliott Bécue
Jan Krapivin wrote on 19/03/2024 at 15:42:55+0100: > I read Debian Administrator's handbook now. And there are such words: > > The root user's password should be long (12 characters or more) and > impossible to guess. Indeed, any computer (and a fortiori any serve

Re: Root password strength

2024-03-20 Thread tomas
. It is wise to avoid gratuitous rotation schemes. I will be the last one to advocate any gratuitous rotation scheme (key or password or anything). My point is giving users enough wits and power (and competent help) to make good decisions and to implement them. If my laptop gets stolen, I'll de

Re: Root password strength

2024-03-20 Thread Jeffrey Walton
On Wed, Mar 20, 2024 at 7:03 AM Michael Kjörling <2695bd53d...@ewoof.net> wrote: > > On 20 Mar 2024 15:46 +0800, from jeremy.ard...@gmail.com (jeremy ardley): > > Regarding certificates, I issue VPN certificates to be installed on each > > remote device. I don't use public key. > > What exactly is

Re: Root password strength

2024-03-20 Thread Dan Ritter
jeremy ardley wrote: > > On 20/3/24 19:03, Michael Kjörling wrote: > > On 20 Mar 2024 15:46 +0800, from jeremy.ard...@gmail.com (jeremy ardley): > > > [users are locked out from uploading their public key using ssh-copy-id] > > So the private keys aren't private, thereby invalidating a lot of > >

Re: Root password strength

2024-03-20 Thread Michael Kjörling
On 20 Mar 2024 12:17 +0100, from to...@tuxteam.de: >>> For ssh use I issue secret keys to each user and maintain matching public >>> keys in LDAP servers [...] > >> So the private keys aren't private, thereby invalidating a lot of >> assumptions inherent in public key cryptography. > > We are usi

Re: Root password strength

2024-03-20 Thread Michael Kjörling
On 20 Mar 2024 19:21 +0800, from jeremy.ard...@gmail.com (jeremy ardley): >>> Regarding certificates, I issue VPN certificates to be installed on each >>> remote device. I don't use public key. >> >> What exactly is this "certificate" that you speak of? In typical >> usage, it means a public key p

Re: Root password strength

2024-03-20 Thread jeremy ardley
On 20/3/24 19:03, Michael Kjörling wrote: On 20 Mar 2024 15:46 +0800, from jeremy.ard...@gmail.com (jeremy ardley): Regarding certificates, I issue VPN certificates to be installed on each remote device. I don't use public key. What exactly is this "certificate" that you speak of? In typical

Re: Root password strength

2024-03-20 Thread tomas
On Wed, Mar 20, 2024 at 11:03:16AM +, Michael Kjörling wrote: > On 20 Mar 2024 15:46 +0800, from jeremy.ard...@gmail.com (jeremy ardley): > > Regarding certificates, I issue VPN certificates to be installed on each > > remote device. I don't use public key. > > What exactly is this "certificat

Re: Root password strength

2024-03-20 Thread Michael Kjörling
On 20 Mar 2024 15:46 +0800, from jeremy.ard...@gmail.com (jeremy ardley): > Regarding certificates, I issue VPN certificates to be installed on each > remote device. I don't use public key. What exactly is this "certificate" that you speak of? In typical usage, it means a public key plus some surr

Re: Root password strength

2024-03-20 Thread jeremy ardley
On 20/3/24 13:32, to...@tuxteam.de wrote: How will a "VPN" with a "certificate" (whatever that means in this > context) be more secure than a SSH (assuming key pair authentication, > not password)? > > They are doing the same dance (key exchange, ke

Re: Root password strength

2024-03-20 Thread tomas
pported in sshd via pam. > > > > How will a "VPN" with a "certificate" (whatever that means in this context) > > be more secure than a SSH (assuming key pair authentication, not password)? > > This may be more theoretical, but... IPSec uses > Encr

Re: Root password strength

2024-03-19 Thread Jeffrey Walton
context) > be more secure than a SSH (assuming key pair authentication, not password)? This may be more theoretical, but... IPSec uses Encrypt-then-Authenticate (EtA), which is provably secure under random models. In fact, I believe IPSec is IND-CCA2 secure (Ciphertext Indistinguishability), which is

Re: Root password strength

2024-03-19 Thread tomas
s root. A > further enhancement of security is to use 2-factor authentication - which is > supported in sshd via pam. How will a "VPN" with a "certificate" (whatever that means in this context) be more secure than a SSH (assuming key pair authentication, not password)? They are

Re: Root password strength

2024-03-19 Thread debian-user
Michael Kjörling <2695bd53d...@ewoof.net> wrote: > For most values of "you", most attackers don't care about _your_ > account, or _your_ system; they care about _any_ account, or _any_ > system. Actually targeted attacks do happen, but very rarely compared > to what might be thought of as attacker

Re: Root password strength

2024-03-19 Thread jeremy ardley
On 19/3/24 23:02, Greg Wooledge wrote: On Tue, Mar 19, 2024 at 05:42:55PM +0300, Jan Krapivin wrote: The root user's password should be long (12 characters or more) and impossible to guess. Indeed, any computer (and a fortiori any server) connected to the Internet is regularly target
