From owner-freebsd-questions Wed Nov 7 5:57:12 2001 Delivered-To: freebsd-questions@freebsd.org Received: from atkielski.com (atkielski.com [161.58.232.69]) by hub.freebsd.org (Postfix) with ESMTP id 89EA637B41A for ; Wed, 7 Nov 2001 05:57:08 -0800 (PST) Received: from contactdish (ASt-Lambert-101-2-1-14.abo.wanadoo.fr [193.251.59.14]) by atkielski.com (8.11.6) id fA7DuNL55648; Wed, 7 Nov 2001 14:56:23 +0100 (CET) Message-ID: <00ca01c16794$12a7eba0$0a00000a@atkielski.com> From: "Anthony Atkielski" To: "Erik Trulsson" , "FreeBSD Questions" References: <000201c166a2$d2ed80c0$1401a8c0@tedm.placo.com> <001401c166a9$9b976120$0a00000a@atkielski.com> <20011106180650.A72863@student.uu.se> Subject: Re: Lockdown of FreeBSD machine directly on Net Date: Wed, 7 Nov 2001 14:56:58 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Erik writes: > There is no such thing as 100% security. Sure there is. Shannon proved it. Some spies and spooks implement it. > This is case where persistence is exactly what > is needed to crack the system. One simply tries > every possible password until one succeeds. With random eight-character alphanumeric passwords and five Telnet login attemps per second, this will take about 1.25 million years, on average, far longer than the lifetime of any attacker, persistent or otherwise. In other words, the system is completely secure in this context through computational feasibility, and you can make it theoretically 100% secure as well by installing a lockout after a certain number of bad password attempts. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message