nanog mailing list archives
Re: ABOVE.NET SECURITY TRUTHS?
From: Joshua Goodall <joshua () roughtrade net>
Date: Sat, 29 Apr 2000 09:32:00 +0200 (CEST)
Since we are going into a description of cryptography, we might as well bring up that since the random number generator used to generate the supposedly random RSA key pair _is_ predictable ... [split]
This statement is a litle too broad. I would contest that the design of, say, FreeBSD's /dev/random permits sufficient entropy collection to usefully initialise a strong hashing algorithm with a non-predictable vector.
[split] ... the whole idea of perfect security is improbable at best; the exercise does make it difficult for people with only a casual interest in your operations to directly compromise them.
This statement hits the mark, but I like to be explicit, to scare security neophytes: if you have ever crossed-over passwords, shared them between two systems, or made any kind of assumption that means the security of one password has depended on the security of another then all such linked accounts passwords are potentially compromised simultaenously. If you're paranoid enough to accept that, then : a) maybe your security could be good enough b) perhaps you should consider using SSH key agents rather than passwords. - joshua
Current thread:
- RE: ABOVE.NET SECURITY TRUTHS?, (continued)
- RE: ABOVE.NET SECURITY TRUTHS? Roeland Meyer (E-mail) (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Christopher B. Zydel (Apr 29)
- Re: ABOVE.NET SECURITY TRUTHS? Dave Crocker (Apr 29)
- Re: ABOVE.NET SECURITY TRUTHS? Henry R. Linneweh (Apr 29)
- RE: ABOVE.NET SECURITY TRUTHS? Bandy Rush (Apr 28)
- RE: ABOVE.NET SECURITY TRUTHS? John Fraizer (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Steven M. Bellovin (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Paul Ferguson (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Kevin Oberman (Apr 29)
- Re: ABOVE.NET SECURITY TRUTHS? Deepak Jain (Apr 28)
- Re: ABOVE.NET SECURITY TRUTHS? Joshua Goodall (Apr 29)
- Re: ABOVE.NET SECURITY TRUTHS? Deepak Jain (Apr 29)
- RE: ABOVE.NET SECURITY TRUTHS? Roeland Meyer (E-mail) (Apr 29)
- Re: ABOVE.NET SECURITY TRUTHS? Paul Ferguson (Apr 28)
- RE: ABOVE.NET SECURITY TRUTHS? Roeland Meyer (E-mail) (Apr 29)
- RE: ABOVE.NET SECURITY TRUTHS? Deepak Jain (Apr 29)
- Re: ABOVE.NET SECURITY TRUTHS? Austin Schutz (Apr 29)
- Re: ABOVE.NET SECURITY TRUTHS? Michael Shields (Apr 29)