Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.misc > #24253
| From | William Unruh <unruh@invalid.ca> |
|---|---|
| Newsgroups | alt.os.linux, comp.os.linux.misc, comp.security.misc |
| Subject | Re: random passwords |
| Date | 2018-08-23 17:02 +0000 |
| Organization | A noiseless patient Spider |
| Message-ID | <plmpak$ooq$2@dont-email.me> (permalink) |
| References | (2 earlier) <plko2r$i9f$1@tncsrv09.home.tnetconsulting.net> <plkv63$ab3$1@dont-email.me> <pllofa$fbr$1@news1.tnib.de> <plm57g$p91$2@dont-email.me> <878t4xgouh.fsf_-_@miko.siamics.net> |
Cross-posted to 3 groups.
On 2018-08-23, Ivan Shmakov <ivan@siamics.net> wrote: >>>>>> Rich <rich@example.invalid> writes: > > [Cross-posting to news:comp.security.misc, as this article's > matter is not specific to GNU/Linux.] > > [...] > > > For password auth, if a proper length, properly random, password > > is utilized, the space of possible keys (passwords) is already large > > enough that even with knowledge of the username, an attacker will not > > guess the password in any reasonable timeframe. > > > Sadly, too many folks passwords are much too weak (not proper length, > > not randomly generated) > > I'm actually curious on what recent research says about the > amount of randomness that one should have in one's password? > (Or, to put it other way around, how simple one password has > to be for it to be possible to break it in reasonable time > under one threat model or another?) > > For instance, there's an entire class of passwords, such as > ghjDthrf1 and gf!Hjkm, which, while most certainly /not/ random, > would require some rather specific assumptions about the targeted > user to guess correctly in a reasonable number of attempts. > > The obvious problem with completely random passwords is that > they generally require some means to store them securely, and > these means in turn may become both an attack vector and a > single point of failure. > > FWIW, I tend to prefer "word-based" passwords (or even > "sentence-based"; not dissimilar to, say, 2onEjoy) to random ones. > > > that having the username not be easy to deduce does add security for > > them. But their proper solution should be to "utilize a proper length, > > properly randomly generated, password" rather than "hide my username". > > Another important measure to use is to limit the number of > authentication attempts per unit of time. Applying a generous > number of iterations of a message digest function to the password > already does this, but also using something along the lines of > fail2ban won't hurt. One problem with fail2ban is that people are setting up bot networks to attack. Thus the password attempts are not coming from a single IP, but from all over the world. And with the Internet of Things, the number of toasters available to attack your machine is almost infinite. >
Back to comp.os.linux.misc | Previous | Next — Previous in thread | Next in thread | Find similar
Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Nobody <noreply@mixnym.net> - 2018-08-22 16:44 -0500
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades William Unruh <unruh@invalid.ca> - 2018-08-22 22:04 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-22 16:22 -0600
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades William Unruh <unruh@invalid.ca> - 2018-08-23 00:29 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Arlen Holder <arlenholder@nospam.net> - 2018-08-23 01:37 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Marc Haber <mh+usenetspam1118@zugschl.us> - 2018-08-23 09:41 +0200
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Rich <rich@example.invalid> - 2018-08-23 11:19 +0000
random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 14:05 +0000
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-23 10:39 -0400
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 16:33 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 16:57 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:07 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-23 09:47 -0500
Re: random passwords Wouter Verhelst <w@uter.be> - 2018-08-24 10:16 +0200
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 11:46 +0100
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-24 09:19 -0400
Re: random passwords Daniel60 <daniel47@eternal-september.org> - 2018-08-25 21:57 +1000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-25 13:32 +0100
Re: random passwords Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2018-08-25 20:05 +0000
Re: random passwords Richard Kettlewell <invalid@invalid.invalid> - 2018-08-23 15:50 +0100
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 16:40 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:12 +0000
Re: random passwords Richard Kettlewell <invalid@invalid.invalid> - 2018-08-23 18:49 +0100
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-09-01 13:45 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-09-01 15:02 +0000
Re: random passwords Allodoxaphobia <knock_yourself_out@example.net> - 2018-09-01 16:54 +0000
Re: random passwords Richard Kettlewell <invalid@invalid.invalid> - 2018-09-04 07:37 +0100
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 15:12 +0000
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-23 12:49 -0400
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:18 +0000
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-23 17:27 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:44 +0000
Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 12:38 -0600
Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 12:47 -0600
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-24 02:20 +0000
Re: random passwords Jasen Betts <jasen@xnet.co.nz> - 2018-08-24 05:10 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 02:32 +0100
Re: random passwords Rich <rich@example.invalid> - 2018-08-24 01:56 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 11:37 +0100
Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 20:13 -0600
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 11:42 +0100
Re: random passwords Chris Elvidge <chris@mshome.net> - 2018-08-24 11:55 +0100
Re: random passwords Paul <nospam@needed.invalid> - 2018-08-24 08:37 -0400
Re: random passwords Chris Elvidge <chris@mshome.net> - 2018-08-24 13:51 +0100
Re: random passwords Paul <nospam@needed.invalid> - 2018-08-24 12:41 -0400
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-25 02:03 +0000
Re: random passwords Java Jive <java@evij.com.invalid> - 2018-08-25 11:32 +0100
Re: random passwords Paul <nospam@needed.invalid> - 2018-08-25 07:49 -0400
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-27 23:12 +0000
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-27 23:40 +0000
Re: random passwords Paul <nospam@needed.invalid> - 2018-08-27 20:10 -0400
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-28 00:17 +0000
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-27 20:52 -0400
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-27 22:31 -0500
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-28 10:23 +0100
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-28 14:45 +0000
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-28 23:00 +0000
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-29 01:22 +0000
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-29 07:21 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-29 11:37 +0100
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-29 12:25 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-29 19:35 +0100
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-29 17:46 -0500
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-30 06:53 +0100
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-30 07:48 -0500
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-30 19:07 +0100
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-31 00:36 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-31 03:10 +0100
Re: random passwords Chris Elvidge <chris@mshome.net> - 2018-08-31 12:26 +0100
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-29 23:36 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-29 11:35 +0100
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-29 23:45 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-24 18:07 +0000
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-24 20:27 +0000
Re: random passwords Bud Frede <frede@mouse-potato.com> - 2018-09-03 07:23 -0400
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-23 17:02 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 17:25 +0000
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-23 17:32 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:46 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 18:07 +0000
Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 12:51 -0600
Re: random passwords Allodoxaphobia <knock_yourself_out@example.net> - 2018-08-24 02:35 +0000
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-25 11:13 -0500
Re: random passwords Rich <rich@example.invalid> - 2018-08-25 17:24 +0000
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-25 13:17 -0500
Re: random passwords Rich <rich@example.invalid> - 2018-08-25 20:27 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-25 21:28 -0500
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-26 01:19 -0400
Re: random passwords Rich <rich@example.invalid> - 2018-08-26 13:43 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-26 14:15 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-26 15:18 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 09:30 -0500
Re: random passwords Michael Black <mblack@pubnix.net> - 2018-08-26 11:44 -0400
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-26 16:40 -0500
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 21:11 -0500
Re: random passwords Allodoxaphobia <knock_yourself_out@example.net> - 2018-08-28 13:29 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-28 14:32 +0100
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-27 07:17 +0100
Re: random passwords Melzzzzz <Melzzzzz@zzzzz.com> - 2018-08-27 06:21 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-27 08:15 +0100
Re: random passwords Roger Blake <rogblake@iname.invalid> - 2018-08-27 22:44 +0000
Re: random passwords azigni <azigni@yahoo.com> - 2018-08-26 12:55 -0600
Re: random passwords Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2018-08-26 19:19 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 16:09 -0500
Re: random passwords Rich <rich@example.invalid> - 2018-08-26 21:32 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 21:11 -0500
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-27 07:19 +0100
Re: random passwords Doug McIntyre <merlyn@dork.geeks.org> - 2018-08-26 00:41 -0500
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 06:48 -0500
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Marc Haber <mh+usenetspam1118@zugschl.us> - 2018-08-23 19:49 +0200
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Bud Frede <frede@mouse-potato.com> - 2018-08-26 18:52 -0400
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades William Unruh <unruh@invalid.ca> - 2018-08-27 00:06 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Dan Espen <dan1espen@gmail.com> - 2018-08-26 21:01 -0400
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades William Unruh <unruh@invalid.ca> - 2018-08-23 16:59 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Eli the Bearded <*@eli.users.panix.com> - 2018-08-23 18:46 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 13:03 -0600
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Eli the Bearded <*@eli.users.panix.com> - 2018-08-24 00:33 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 18:43 -0600
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Eli the Bearded <*@eli.users.panix.com> - 2018-08-24 05:16 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 23:43 -0600
secure file distribution Ivan Shmakov <ivan@siamics.net> - 2018-08-25 17:05 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades William Unruh <unruh@invalid.ca> - 2018-08-24 02:26 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades elvis-85650@notatla.org.uk - 2018-08-23 19:06 +0000
csiph-web