I find this discussion fascinating as a security noob.

What is the difference between secret key and secret password in terms of why 
it would be more secure? Is it just a matter of character length?

And, out of curiosity, if I have a password that is 6-10 characters long with 
any combination of numbers, symbols, and letters, how long could a brute force 
attack take before it was figured out?

I guess my real question is: If I don't really have a lot of data on my machine 
that people would be wanting to steal, does my level of danger warrant the 
million-dollar safe, as it were?


Christijan

Web Developer
BYU Graduate Studies
(801) 422-5658
[EMAIL PROTECTED]
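The brute-force question above has a concrete answer once you pick an alphabet size and a guessing rate. The following is an added worked calculation, not part of the original thread or anything the list members posted; it assumes a 95-character alphabet (printable ASCII including space) and two illustrative guessing rates that are constructed assumptions, not measurements. It also compares the result with the size of the secret an SSH key holds, which is the distinction the first question asks about: a key is a uniformly random bit string of fixed length, while a password is drawn from a much smaller, human-chosen space.

```python
import math

# Constructed assumption: printable ASCII (letters, digits, symbols, space).
PRINTABLE_ASCII = 95
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(min_len, max_len, alphabet=PRINTABLE_ASCII):
    """Number of distinct strings of length min_len..max_len (inclusive)
    over an alphabet of the given size. A 6-10 character password over
    95 symbols gives 95^6 + 95^7 + ... + 95^10 candidates."""
    return sum(alphabet ** n for n in range(min_len, max_len + 1))


def entropy_bits(space):
    """Equivalent key length in bits, valid only if the secret is chosen
    uniformly at random from `space` possibilities."""
    return math.log2(space)


def expected_crack_seconds(space, guesses_per_second):
    """An exhaustive search succeeds, on average, halfway through the space."""
    return space / 2 / guesses_per_second


def crack_years(space, guesses_per_second):
    return expected_crack_seconds(space, guesses_per_second) / SECONDS_PER_YEAR


def compare_password_and_key(pw_min=6, pw_max=10, key_bits=128):
    """Return the figures a defender would look at when deciding whether a
    password of the given length range or a random key is the weaker link.

    The two guessing rates below are constructed, order-of-magnitude
    assumptions: an offline attacker with a captured hash can try on the
    order of 10^9-10^12 guesses per second depending on hash and hardware,
    while an online attacker going through sshd is throttled to a handful
    of attempts per second and is trivially visible in auth logs."""
    pw_space = keyspace(pw_min, pw_max)
    key_space = 2 ** key_bits
    return {
        "password_keyspace": pw_space,
        "password_bits": entropy_bits(pw_space),
        "password_years_offline_1e9": crack_years(pw_space, 1e9),
        "password_years_offline_1e12": crack_years(pw_space, 1e12),
        "password_years_online_10": crack_years(pw_space, 10),
        "key_bits": key_bits,
        "key_years_offline_1e12": crack_years(key_space, 1e12),
    }


if __name__ == "__main__":
    for name, value in compare_password_and_key().items():
        print(f"{name:32s} {value:,.3g}")
```

Two caveats follow directly from the arithmetic. First, the 65-bit figure for the password only holds if every character was chosen uniformly at random; a password a person can remember is picked from a far smaller space, which is why dictionary and pattern-based guessing, not exhaustive search, is the realistic threat. Second, the comparison with the key only covers guessing: as the quoted exchange below points out, a key file copied off disk by someone with root costs the attacker zero guesses, so the size of the secret is irrelevant once the secret is left where others can read it.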

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter McNabb
Sent: Thursday, July 31, 2008 12:34 PM
To: [EMAIL PROTECTED]
Subject: Re: [uug] PKI, Public Keys, secrets, and obscurity

On Thu, Jul 31, 2008 at 11:06:53AM -0700, Bryan Murdock wrote:
> On Thu, Jul 31, 2008 at 9:58 AM, Von Fugal <[EMAIL PROTECTED]> wrote:
> > There is a fundamental difference between your secret hiding in the
> > algorithm and a secret you can keep as secret as physically
> > possible.
>
> I run ssh on my internet facing linux machine at home.  I have a
> secret ssh key on a machine at work that allows me to authenticate and
> log in to my machine at home.  I don't allow password authentication
> (and I do run it on the standard port, for what it's worth).  No
> Security by Obscurity right?  Security geeks pat me on the back.  Now,
> let's say Joe sysadmin at work decides to throw ethics out the window
> and use his root access to grab my key out of my home directory and
> log into my home machine?  What happened to that fundamental
> difference in security?  Joe didn't even need a top-secret super
> high-powered NSA key-cracking machine!

Right, because "as secret as physically possible" to some people
apparently means "in plain sight of another person". If you want a
secret to remain secret, don't put it out of your control.

You should go back and read Von's posts again and rethink your concept
of security. He's right on. Of course, we were in CS 465 together. :)

-peter
--------------------
BYU Unix Users Group
http://uug.byu.edu/

The opinions expressed in this message are the responsibility of their
author.  They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info: http://uug.byu.edu/mailman/listinfo/uug-list