Great Circle Associates Firewalls
(March 1996)
 


Subject: Re: Password generating program
From: jsanchez @ esegi . es (Julio Sanchez)
Organization: SGI Soluciones Globales Internet
Date: 26 Mar 1996 19:40:40 GMT
To: gmv-gw-lists-firewalls @ gmv . es
Newsgroups: gmv.gw-lists.firewalls
References: <9603071655 . AA13737 @ manzanita . DEV . 3Com . COM . noname>

Bob Konigsberg (bobk @ manzanita . DEV . 3Com . COM) wrote:
: I've heard that there is a password generating program that will generate
: fairly random, but pronounceable passwords.

There is a problem with any such program in that it decreases the number
of possible passwords, possibly making a brute force attack feasible.
It is a dictionary attack of another sort.

Others have recommended using fascist password-checking programs and I
concur but it is difficult to be happy with just that.

It is inherently difficult to have difficult to crack, yet easy to
remember, passwords.  Passphrases are better in this respect, but
they are difficult to type.  And without secure transitive authentication
systems (single-logon), they become tedious to use.

And common passwords, after all, can be sniffed in the absence of other
measures.  And people tend to use the same passwords in different systems,
damn, even I sometimes do!

I won't say that reusable passwords as we know them have their days
numbered, but they are becoming more and more the problem rather than
the solution.

I like the solution provided by ssh (and ssh-agent), especially if it
could be combined with some sort of smart card.

Ob. firewalls: What would be the best strategy to use ssh for inbound
access through the firewall in a large environment where the destination
hosts are not guaranteed to be properly managed, yet the firewall
administrator has to implement some sort of policy such as only
allowing specific users in or keeping a log of who did? Would ssh need
an intermediate authentication step at the firewall?

What are others doing?

-- 
Julio Sanchez, SGI Soluciones Globales Internet
Tel: (91) 804 28 37 Fax: (91) 804 14 05  WWW: http://www.esegi.es
jsanchez @ esegi . es  jsanchez @ gmv . es
 PGP Key fingerprint =  E5 29 93 6F 41 4E 00 E2  90 11 A1 8C 72 D0 DE 71 
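
The keyspace reduction described in the message above can be measured. This is an added example, not part of the original message or of any real password generator: it assumes a constructed pronounceability rule (lowercase letters only, at most two consonants in a row, no two vowels in a row) and a generator that picks uniformly among the strings the rule allows.

```python
import math

VOWELS = 5        # a e i o u
CONSONANTS = 21   # the remaining lowercase letters

def count_pronounceable(length, max_c_run=2, max_v_run=1):
    """Count lowercase strings whose consonant runs are <= max_c_run
    and whose vowel runs are <= max_v_run (constructed rule, see lead-in)."""
    if length == 0:
        return 1
    # state[(kind, run)] = number of prefixes ending in `run` letters of `kind`
    state = {("c", 1): CONSONANTS, ("v", 1): VOWELS}
    for _ in range(length - 1):
        nxt = {}
        for (kind, run), n in state.items():
            limit, size = (max_c_run, CONSONANTS) if kind == "c" else (max_v_run, VOWELS)
            # extend the current run only while the rule still allows it
            if run < limit:
                nxt[(kind, run + 1)] = nxt.get((kind, run + 1), 0) + n * size
            # switching letter class always starts a fresh run of length 1
            other, osize = ("v", VOWELS) if kind == "c" else ("c", CONSONANTS)
            nxt[(other, 1)] = nxt.get((other, 1), 0) + n * osize
        state = nxt
    return sum(state.values())

def compare(length):
    """Entropy in bits of a uniformly chosen password under each policy."""
    pron = count_pronounceable(length)
    return {
        "pronounceable_bits": math.log2(pron),
        "lowercase_bits": length * math.log2(26),
        "printable_bits": length * math.log2(95),   # printable ASCII
        "fraction_of_lowercase": pron / 26 ** length,
    }

if __name__ == "__main__":
    for n in (6, 8, 10, 12):
        r = compare(n)
        print(f"len {n:2d}: pronounceable {r['pronounceable_bits']:5.1f} bits, "
              f"lowercase {r['lowercase_bits']:5.1f}, "
              f"printable {r['printable_bits']:5.1f}, "
              f"share of lowercase space {r['fraction_of_lowercase']:.4f}")
```

The gap between the pronounceable and printable columns is the number of extra characters of length a pronounceable policy has to require to match a random password.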

