On 03/05/13 15:36, Lars Noodén wrote:
On 03/05/2013 10:29 PM, Peter Bisroev wrote:
[snip]
100% agree. Having unencrypted private keys was one of the reasons
that I have started looking into OTP/TOTP. At this point, I think it
is probably better to force "untrusted" users (those who cannot be
trusted to keep their private keys encrypted) to use TOTP with
sufficiently long passwords (login_totp-and-pwd) and allow trusted
users a bit more freedom.
[snip]
What level of encryption is deemed adequate nowadays?
Regards,
/Lars
who have you pissed off/enticed, and what other entry methods are you
exposing?
Realistically, cracking encryption is not high on attacker's list of
methods at the moment...usually other ways are faster and more productive.
On the other hand...if this is the only exposure you have AND they want
you...crank it. Otherwise, you are probably putting too many big locks
on the secure door...and neglecting the open window next to it.
Nick.
