[Labs-l] 2-factor shell auth (was:second attempt to request alternative login server)
Petr Bena
benapetr at gmail.com
Wed Mar 6 19:12:01 UTC 2013
Do you know that we are talking about labs and not production? I don't
want to look like some insecure-stuff loving guy - but why in the
world someone wanted to brute force into labs? If I was hacker and I
wanted to get into labs - I would just request an account and I would
get it...
Do we need some high tech security here?
On Wed, Mar 6, 2013 at 7:45 PM, Leslie Carr <lcarr at wikimedia.org> wrote:
> On Wed, Mar 6, 2013 at 10:19 AM, Matthew Walker <mwalker at wikimedia.org> wrote:
>>> [removed garbage about password auth being wonderful...]
>>
>> I don't feel passwords are any more or less secure than keys. In some cases
>> keys can be even less secure if you're doing agent forwarding.
>
> Yes passwords are less secure than keys - egads. The amount of
> entropy in a key makes it impossible to brute force in this day and
> age (https://www.youtube.com/watch?v=BA6kG-tOkBs) versus passwords
> which have much less entropy. You should still password protect your
> key in case your laptop/key storage is accessed.
>
> --
> Leslie Carr
> Wikimedia Foundation
> AS 14907, 43821
> http://as14907.peeringdb.com/
>
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/labs-l
More information about the Labs-l
mailing list