Date: Sun, 31 May 2009 10:43:47 +0200 (CEST) From: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> To: perryh@pluto.rain.com Cc: freebsd-questions@freebsd.org Subject: Re: Remotely edit user disk quota Message-ID: <alpine.BSF.2.00.0905311038590.23127@wojtek.tensor.gdynia.pl> In-Reply-To: <4a21fb4f.tCv44B9UaB1L03/b%perryh@pluto.rain.com> References: <200905281030.n4SAUXdA046386@banyan.cs.ait.ac.th> <200905280847.12966.kirk@strauser.com> <alpine.BSF.2.00.0905281553001.60364@wojtek.tensor.gdynia.pl> <200905280904.44025.kirk@strauser.com> <20090528183801.82b36bbb.freebsd@edvax.de> <alpine.BSF.2.00.0905282129560.61809@wojtek.tensor.gdynia.pl> <4a1f9cf7.UEl7lAiK4FGe5eG7%perryh@pluto.rain.com> <alpine.BSF.2.00.0905291249220.10254@wojtek.tensor.gdynia.pl> <4a21fb4f.tCv44B9UaB1L03/b%perryh@pluto.rain.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>> same user password somewhere else. > > The whole point of ssh is to prevent this sort of thing, by > encrypting the message traffic over this insecure communication > channel. I think most people using ssh already know it. or maybe not?:) An attacker may be able to intercept the encrypted > traffic, but it will take a skilled cryptanalyst and a lot of CPU > time -- or the attacker will have to be very lucky -- to decrypt > the message and recover the passwords while they are still valid. All of this things are strong enough to require billions of years to crack or more. >From the beginning my point of this discussion is to stop stupidly repeating "golden rules" like - program a is secure - program b is insecure - so just don't use program b Because it teaches people not to think. There are difference between "insecure program" and "program without extra security". > (You *do* change passwords periodically, don't you?) Of course!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.0905311038590.23127>