I quote CodeProject: "Long passwords are for lunatics!"

Before you start questioning that statement: if the SteamID is locked for 24
hours after three unsuccessful attempts, a six-digit PIN can withstand 100
years of sustained attack (unless they have physical access to your box).

Just think about that for one second: 100 years to crack a 6-digit numerical password...


Now set banpenalty and maxfailures in your server.cfg, then you don't need to bother with really long/complex passwords because an attacker is only going to get 3 attempts a day.

// Number of minutes to ban users who fail rcon authentication, 1440 = 24h
sv_rcon_banpenalty 1440
// Max number of times a user can fail rcon authentication before being banned
sv_rcon_maxfailures 3

I also suggest everyone have a read of this article to understand a bit better why long passwords are for lunatics:
http://www.theatlantic.com/science/archive/2010/09/password-unprotected/62656/

dmex
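
The lockout arithmetic behind the post above, as an added example that is not part of the original message: it reads the two cvars from a server.cfg fragment and works out how much of a password keyspace online guessing can cover. It assumes a single guessing source that the ban blocks for the full penalty, and 365-day years; the function names are illustrative.

```python
import re

# Constructed sample: the cvar lines from the post above, as they would sit in server.cfg.
SAMPLE_CFG = """\
// Number of minutes to ban users who fail rcon authentication, 1440 = 24h
sv_rcon_banpenalty 1440
// Max number of times a user can fail rcon authentication before being banned
sv_rcon_maxfailures 3
"""

# cvar name, optional quotes around an integer value, optional trailing // comment
CVAR_RE = re.compile(r'^\s*(sv_rcon_\w+)\s+"?(\d+)"?\s*(?://.*)?$')

def parse_rcon_cvars(cfg_text):
    """Return {cvar: int} for sv_rcon_* lines; comment lines are skipped, last value wins."""
    cvars = {}
    for line in cfg_text.splitlines():
        m = CVAR_RE.match(line)
        if m:
            cvars[m.group(1)] = int(m.group(2))
    return cvars

def guesses_per_day(cvars):
    """Guesses per day for one source: maxfailures tries, then banpenalty minutes locked out."""
    penalty = cvars.get("sv_rcon_banpenalty", 0)
    failures = cvars.get("sv_rcon_maxfailures", 0)
    if penalty <= 0 or failures <= 0:
        # Unset or zero values give no recurring lockout window to model.
        raise ValueError("model needs both cvars set to positive values")
    return failures * 1440 / penalty

def fraction_covered(alphabet, length, rate_per_day, years):
    """Share of the keyspace tried after `years` of sustained guessing (capped at 1.0)."""
    return min(1.0, rate_per_day * 365 * years / alphabet ** length)

def years_to_half(alphabet, length, rate_per_day):
    """Years until half the keyspace is tried (the 50% figure quoted in the thread)."""
    return alphabet ** length / 2 / (rate_per_day * 365)

if __name__ == "__main__":
    rate = guesses_per_day(parse_rcon_cvars(SAMPLE_CFG))
    cases = [("6-digit PIN", 10, 6), ("8 chars, 62 symbols", 62, 8),
             ("8 chars, 94 symbols", 94, 8)]
    for label, alphabet, length in cases:
        print(f"{label}: {fraction_covered(alphabet, length, rate, 100):.2%} "
              f"covered in 100 years, {years_to_half(alphabet, length, rate):.3g} years to 50%")
```
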

-----Original Message-----
From: [email protected]
Sent: Sunday, September 12, 2010 10:14 AM
To: Half-Life dedicated Win32 server mailing list
Subject: Re: [hlds] SRCDS Protect Tips

HLSW and rcon commands that I want to see output from (rcon status for
instance), amongst other reasons.
-----Original Message-----
From: Michael Krasnow <[email protected]>
Sender: [email protected]
Date: Sat, 11 Sep 2010 22:08:02
To: Half-Life dedicated Win32 server mailing list <[email protected]>
Reply-To: Half-Life dedicated Win32 server mailing list <[email protected]>
Subject: Re: [hlds] SRCDS Protect Tips

but who needs an rcon_password, sm_rcon anyone?

On Sat, Sep 11, 2010 at 10:00 PM, ics <[email protected]> wrote:

 As if rcon passwords matter that much ;)

If we talk generally about passwords, then you are correct.

-ics

12.9.2010 3:41, Codeseer wrote:

Any hacker or cryptologist will disagree with this. As you go up in length
for passwords they are less secure using just letters and numbers, than
using symbols in addition. A case insensitive compilation of a-z, A-Z, and
0-9 contains 62 symbol counts, while all of the American standard code for
information interchange characters result in a symbol count of 94. An
attacker has to generate approximately 50% of the possible combinations to
achieve success; if the possible combinations (enhanced by symbol counts)
are increased, it will take the attacker longer and be more difficult for
them to crack the password.

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of ics
Sent: Saturday, September 11, 2010 5:29 PM
To: Half-Life dedicated Win32 server mailing list
Subject: Re: [hlds] SRCDS Protect Tips

  Any password such as S5Df2lf5F0skj4On or Fs3Kl89Gh57kLG was secure as
it can be, without any extra marks like @,%,&  etc. Also it does not help
to have a good password if that is leaking from the server itself all
the time to the hostile attackers so first of all, keep the server
secured and run plugins to prevent malicious exploits. Just keep that in
mind.

-ics

11.9.2010 23:24, Mark Gunnett wrote:

Just an FYI, the server does not like some of the passwords with characters
when set in the commandline. Even with quotes... Well from TF2 in my
experience. Specifically the @ symbol.

-----Original Message-----

From: [email protected]
[mailto:[email protected]] On Behalf Of
[email protected]
Sent: Saturday, September 11, 2010 3:51 PM
To: Half-Life dedicated Win32 server mailing list
Subject: Re: [hlds] SRCDS Protect Tips

Use a password generator for strong passwords.

Search for "PC Tools Password Utilities" in your favorite search website,
for example.

I'm using passwords with punctuation, mixed case, non-repeating chars,
numbers, with 8 to 32 chars.

If you can't memorise the passwords, use the old method, biro/pencil a
sheet of paper! ;)


_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds






--
Michael Krasnow
http://mnkras.com
[email protected]