Have any reccomendations for these 2 settings? // Number of times a user can fail rcon authentication in sv_rcon_minfailuretime before being banned sv_rcon_minfailures // Number of seconds to track failed rcon authentications sv_rcon_minfailuretime
On Sun, Sep 12, 2010 at 5:04 PM, dmex <dme...@gmail.com> wrote: > I quote CodeProject: "Long passwords are for lunatics!" > > Before you start questioning that statement, If the SteamID is locked for > 24 > hours after three unsuccessful attempts, a six-digit PIN can withstand 100 > years of sustained attack (unless they have physical access to your box). > > Just think about that for one second, a 100 years to crack a 6 digit > numerical password... > > > Now set banpenalty and maxfailures in your server.cfg then you don't need > to bother with really long/complex passwords because an attacker is only > going to get 3 attempts a day.. > > // Number of minutes to ban users who fail rcon authentication, 1440 = 24h > sv_rcon_banpenalty 1440 > // Max number of times a user can fail rcon authentication before being > banned > sv_rcon_maxfailures 3 > > I also suggest everyone having a read of this article to understand a bit > better why long passwords are for lunatics: > > http://www.theatlantic.com/science/archive/2010/09/password-unprotected/62656/ > > dmex > > -----Original Message----- From: e...@ccgaming.com > Sent: Sunday, September 12, 2010 10:14 AM > To: Half-Life dedicated Win32 server mailing list > Subject: Re: [hlds] SRCDS Protect Tips > > HLSW and rcon commands that I want to see output from (rcon status for > instance), amongst other reasons. > -----Original Message----- > From: Michael Krasnow <mnk...@gmail.com> > Sender: hlds-boun...@list.valvesoftware.com > Date: Sat, 11 Sep 2010 22:08:02 > To: Half-Life dedicated Win32 server mailing > list<hlds@list.valvesoftware.com> > Reply-To: Half-Life dedicated Win32 server mailing list > <hlds@list.valvesoftware.com> > Subject: Re: [hlds] SRCDS Protect Tips > > but who needs an rcon_password, sm_rcon anyone? > > On Sat, Sep 11, 2010 at 10:00 PM, ics <i...@ics-base.net> wrote: > > As if rcon passwords matter that much ;) >> >> If we talk generally about passwords, then you are correct. >> >> -ics >> >> 12.9.2010 3:41, Codeseer kirjoitti: >> >> Any hacker or cryptologist will disagree with this. As you go up in >> length >> >>> for passwords they are less secure using just letters and numbers, than >>> using symbols in addition. A case insensitive compilation of a-z, A-Z, >>> and >>> 0-9 contains 62 symbol counts, while all of the American standard code >>> for >>> information interchange characters result in a symbol count of 94. An >>> attacker has to generate approximately 50% of the possible combinations >>> to >>> achieve success; if the possible combinations (enhanced by symbol counts) >>> are increased, it will take the attacker longer and be more difficult for >>> them to crack the password. >>> >>> -----Original Message----- >>> From: hlds-boun...@list.valvesoftware.com >>> [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of ics >>> Sent: Saturday, September 11, 2010 5:29 PM >>> To: Half-Life dedicated Win32 server mailing list >>> Subject: Re: [hlds] SRCDS Protect Tips >>> >>> Any password such as S5Df2lf5F0skj4On or Fs3Kl89Gh57kLG was secure as >>> it can be, without any extra marks like @,%,& etc. Also it does not help >>> to have a good password if that is leaking from the server itself all >>> the time to the hostile attackers so first of all, keep the server >>> secured and run plugins to prevent malicious exploits. Just keep that in >>> mind. >>> >>> -ics >>> >>> 11.9.2010 23:24, Mark Gunnett kirjoitti: >>> >>> Just an FYI, the server does not like some of the passwords with >>>> >>>> characters >>> >>> when set in the commandline. Even with quotes... Well from TF2 in my >>>> experience. Specifically the @ symbol. >>>> >>>> -----Original Message----- >>>> >>>> From: hlds-boun...@list.valvesoftware.com >>>>> [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of >>>>> hyp...@arcor.de >>>>> Sent: Saturday, September 11, 2010 3:51 PM >>>>> To: Half-Life dedicated Win32 server mailing list >>>>> Subject: Re: [hlds] SRCDS Protect Tips >>>>> >>>>> Use a password generator for strong passwords. >>>>> >>>>> Search for "PC Tools Password Utilities" in your favorite search >>>>> website >>>>> for >>>>> example- >>>>> >>>>> I'm using passwords with puncation, mixed case. non-repeating chars, >>>>> numbers >>>>> with 8 to 32 >>>>> chars. >>>>> >>>>> If you can't memorise the passwords, youse the old method, biro/pencil >>>>> a >>>>> sheet of paper! ;) >>>>> >>>>> >>>>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds >>> >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds >>> >>> >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds >> >> > > > -- > Michael Krasnow > http://mnkras.com > mnk...@gmail.com > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
