[Beowulf] Re: "hobbyists"
landman at scalableinformatics.com
Thu Jun 19 20:08:43 EDT 2008
Chris Samuel wrote:
> ----- "Robert G. Brown" <rgb at phy.duke.edu> wrote:
>> IIRC almost any of the high-end encryption routines available within
>> linux are effectively uncrackable, certainly uncrackable to somebody
>> with less than NSA-class resources.
> As long as the implementation is correct... <cough>Debian SSL</cough>. :-)
N-tro-PEE? We don't need no steen-keen N-tro-PEE!
Get yer fresh hot bits here, all 15 of them.
> Humans are always the weak links in these things,
> whether that be implementation, crypto security or
> just doing plain dumb things like sending an email
> confirmation in the clear containing plain text
> passwords that were submitted over SSL.
People spend lots of time and effort on security theater. Make up odd
rules for passwords. Make them hard to guess and crack. Well, is that
the vector for break-ins? Weak passwords?
I saw a Linux machine (a cluster) rooted. It was rooted because of a
person with a Windows laptop that happened to catch a key logger.
Crackers had been attempting to break in to that machine for a long
time, and here goes a grad student, and gives them the password. Worse,
this grad student acted in a way we advised against, and ran jobs from
root. Yeah, I know.
Security theater is troubling. It gives us sheep the appearance of
being secure, without any real additional value.
OPIE and multi-factor are hard to beat. And no theater needed. Even
better, no worries about replay attacks with OPIE, or with a
multi-factor that disables a password upon use.
But even with these, you still need good *real* practices. A
non-security theater practice would limit the damage one can do in a
non-privileged setting. SELinux and AppArmor try to limit the damage
even in a secure setting, though I am not sure how well they do there.
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: landman at scalableinformatics.com
web : http://www.scalableinformatics.com
phone: +1 734 786 8423
fax : +1 866 888 3112
cell : +1 734 612 4615
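The replay resistance Landman attributes to OPIE comes from its S/KEY-style hash chain: the server stores only the current chain anchor, each login presents the preimage of that anchor, and a captured value is useless once accepted. The model below is an added example written for this page, not code from the post or from OPIE itself; it assumes SHA-256 as the chain function and a constructed seed (real OPIE uses a folded MD4/MD5 digest and a seed/sequence prompt).

```python
import hashlib
import secrets


def _step(value: bytes) -> bytes:
    """One link of the chain, H(x). SHA-256 is an assumption standing in for OPIE's folded hash."""
    return hashlib.sha256(value).digest()


def make_chain(seed: bytes, n: int) -> list:
    """Client side: return [H^0(seed), H^1(seed), ..., H^n(seed)]. Only the client knows the seed."""
    chain = [seed]
    for _ in range(n):
        chain.append(_step(chain[-1]))
    return chain


class OtpServer:
    """Server side: keeps the current anchor H^k(seed) and k, never the seed or earlier links."""

    def __init__(self, anchor: bytes, count: int):
        self.anchor = anchor
        self.count = count

    def challenge(self) -> int:
        # The client must answer with H^(count-1)(seed), the preimage of the stored anchor.
        return self.count - 1

    def verify(self, candidate: bytes) -> bool:
        if self.count <= 0:
            return False  # chain exhausted; the user must re-enrol with a new seed
        if not secrets.compare_digest(_step(candidate), self.anchor):
            return False  # wrong value, or a replay of a value already consumed
        # Accept and move the anchor backward, so this exact value can never verify again.
        self.anchor = candidate
        self.count -= 1
        return True


def demo():
    """Login, replay of the captured value, then the next legitimate login."""
    seed = b"constructed-seed-for-illustration"  # constructed sample value
    n = 5
    chain = make_chain(seed, n)
    server = OtpServer(chain[n], n)          # enrolment: server receives H^5 only
    first = server.verify(chain[server.challenge()])   # client sends H^4 -> accepted
    replay = server.verify(chain[4])                   # key logger resends H^4 -> rejected
    second = server.verify(chain[server.challenge()])  # client sends H^3 -> accepted
    return first, replay, second
```

A captured one-time value lets the attacker compute forward along the chain (hashes of it) but not backward, which is exactly what the next login requires.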
Beowulf mailing list, Beowulf at beowulf.org