On Wed, Mar 6, 2013 at 11:12 AM, Petr Bena <[email protected]> wrote: > Do you know that we are talking about labs and not production? I don't > want to look like some insecure-stuff loving guy - but why in the > world someone wanted to brute force into labs? If I was hacker and I > wanted to get into labs - I would just request an account and I would > get it... >
We have already had an incident in labs where hackers gained access to instances and were using it for scam mail. Even if it's not a targeted attack, people will try to brute force any public ip to gain access for spamming or other nefarious purposes. > Do we need some high tech security here? > > On Wed, Mar 6, 2013 at 7:45 PM, Leslie Carr <[email protected]> wrote: >> On Wed, Mar 6, 2013 at 10:19 AM, Matthew Walker <[email protected]> >> wrote: >>>> [removed garbage about password auth being wonderful...] >>> >>> I don't feel passwords are any more or less secure than keys. In some cases >>> keys can be even less secure if you're doing agent forwarding. >> >> Yes passwords are less secure than keys - egads. The amount of >> entropy in a key makes it impossible to brute force in this day and >> age (https://www.youtube.com/watch?v=BA6kG-tOkBs) versus passwords >> which have much less entropy. You should still password protect your >> key in case your laptop/key storage is accessed. >> >> -- >> Leslie Carr >> Wikimedia Foundation >> AS 14907, 43821 >> http://as14907.peeringdb.com/ >> >> _______________________________________________ >> Labs-l mailing list >> [email protected] >> https://lists.wikimedia.org/mailman/listinfo/labs-l > > _______________________________________________ > Labs-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/labs-l -- Leslie Carr Wikimedia Foundation AS 14907, 43821 http://as14907.peeringdb.com/ _______________________________________________ Labs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/labs-l
