Do you know that we are talking about labs and not production? I don't want to look like some insecure-stuff loving guy - but why in the world someone wanted to brute force into labs? If I was hacker and I wanted to get into labs - I would just request an account and I would get it...
Do we need some high tech security here? On Wed, Mar 6, 2013 at 7:45 PM, Leslie Carr <[email protected]> wrote: > On Wed, Mar 6, 2013 at 10:19 AM, Matthew Walker <[email protected]> wrote: >>> [removed garbage about password auth being wonderful...] >> >> I don't feel passwords are any more or less secure than keys. In some cases >> keys can be even less secure if you're doing agent forwarding. > > Yes passwords are less secure than keys - egads. The amount of > entropy in a key makes it impossible to brute force in this day and > age (https://www.youtube.com/watch?v=BA6kG-tOkBs) versus passwords > which have much less entropy. You should still password protect your > key in case your laptop/key storage is accessed. > > -- > Leslie Carr > Wikimedia Foundation > AS 14907, 43821 > http://as14907.peeringdb.com/ > > _______________________________________________ > Labs-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/labs-l _______________________________________________ Labs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/labs-l
